CVE-2022-20260 : In the Phone app, there is a possible crash loop due to resource exhaustion. Thi

In the Phone app, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220865698

Published 2022-08-12 15:15:10

Updated 2022-08-13 05:44:32

Source Android (associated with Google Inc. or Open Handset Alliance)

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2022-20260

Google » Android » Version: 13.0
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-20260

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 5 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-20260

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-20260

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-20260

https://source.android.com/security/bulletin/android-13

Android 13 Security Release Notes | Android Open Source Project
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-20260

Products affected by CVE-2022-20260

Exploit prediction scoring system (EPSS) score for CVE-2022-20260

CVSS scores for CVE-2022-20260

CWE ids for CVE-2022-20260

References for CVE-2022-20260