What is CVE-2022-20473?

CVE-2022-20473 is a vulnerability in Android. Published 2022-12-13.

Is CVE-2022-20473 known to be exploited?

9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Android

CVE-2022-20473

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for e…

EPSS: 0.509 (97.9th percentile) — read the EPSS interpretation.

Affected products

N/a Android — versions Android-10 Android-11 Android-12 Android-12L Android-13

Public proof-of-concept exploits

Trinadh465/frameworks_minikin_AOSP10_r33-CVE-2022-20473
Trinadh465/frameworks_minikin_AOSP10_r33_CVE-2022-20473
Trinadh465/frameworks_
k0mi-tg/CVE-POC
manas3c/CVE-POC
nomi-sec/PoC-in-GitHub
whoforget/CVE-POC
youwizard/CVE-POC
ARPSyndicate/cvemon

References

source.android.com/security/bulletin/2022-12-01

Frequently asked questions

What is CVE-2022-20473?: CVE-2022-20473 is a vulnerability in Android. Published 2022-12-13.
Is CVE-2022-20473 known to be exploited?: 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.