CVE-2023-42560 : Heap out-of-bounds write vulnerability in dec_mono

Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code.

Published 2023-12-05 03:15:16

Updated 2023-12-08 19:55:47

Source Samsung Mobile

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Products affected by CVE-2023-42560

Samsung » Android
Versions from including (>=) 11.0 and before (<) 14.0
cpe:2.3:o:samsung:android:*:*:*:*:*:*:*:*
Matching versions
Samsung » Android » Version: 14.0
cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*
Matching versions
Samsung » Android » Version: 14.0 Update Smr-apr-2023-r1
cpe:2.3:o:samsung:android:14.0:smr-apr-2023-r1:*:*:*:*:*:*
Matching versions
Samsung » Android » Version: 14.0 Update Smr-aug-2023-r1
cpe:2.3:o:samsung:android:14.0:smr-aug-2023-r1:*:*:*:*:*:*
Matching versions
Samsung » Android » Version: 14.0 Update Smr-dec-2022-r1
cpe:2.3:o:samsung:android:14.0:smr-dec-2022-r1:*:*:*:*:*:*
Matching versions
Samsung » Android » Version: 14.0 Update Smr-feb-2023-r1
cpe:2.3:o:samsung:android:14.0:smr-feb-2023-r1:*:*:*:*:*:*
Matching versions
Samsung » Android » Version: 14.0 Update Smr-jan-2023-r1
cpe:2.3:o:samsung:android:14.0:smr-jan-2023-r1:*:*:*:*:*:*
Matching versions
Samsung » Android » Version: 14.0 Update Smr-jul-2023-r1
cpe:2.3:o:samsung:android:14.0:smr-jul-2023-r1:*:*:*:*:*:*
Matching versions
Samsung » Android » Version: 14.0 Update Smr-jun-2023-r1
cpe:2.3:o:samsung:android:14.0:smr-jun-2023-r1:*:*:*:*:*:*
Matching versions
Samsung » Android » Version: 14.0 Update Smr-mar-2023-r1
cpe:2.3:o:samsung:android:14.0:smr-mar-2023-r1:*:*:*:*:*:*
Matching versions
Samsung » Android » Version: 14.0 Update Smr-may-2023-r1
cpe:2.3:o:samsung:android:14.0:smr-may-2023-r1:*:*:*:*:*:*
Matching versions
Samsung » Android » Version: 14.0 Update Smr-nov-2022-r1
cpe:2.3:o:samsung:android:14.0:smr-nov-2022-r1:*:*:*:*:*:*
Matching versions
Samsung » Android » Version: 14.0 Update Smr-nov-2023-r1
cpe:2.3:o:samsung:android:14.0:smr-nov-2023-r1:*:*:*:*:*:*
Matching versions
Samsung » Android » Version: 14.0 Update Smr-oct-2022-r1
cpe:2.3:o:samsung:android:14.0:smr-oct-2022-r1:*:*:*:*:*:*
Matching versions
Samsung » Android » Version: 14.0 Update Smr-oct-2023-r1
cpe:2.3:o:samsung:android:14.0:smr-oct-2023-r1:*:*:*:*:*:*
Matching versions
Samsung » Android » Version: 14.0 Update Smr-sep-2023-r1
cpe:2.3:o:samsung:android:14.0:smr-sep-2023-r1:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-42560

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 12 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-42560

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.4	HIGH	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	1.4	5.9	Samsung Mobile
Attack Vector: Local Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-42560

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-42560

https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=12

Security Updates Firmware Updates | Samsung Mobile Security
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-42560

Products affected by CVE-2023-42560

Exploit prediction scoring system (EPSS) score for CVE-2023-42560

CVSS scores for CVE-2023-42560

CWE ids for CVE-2023-42560

References for CVE-2023-42560