{"vulnerability": "CVE-2022-2020", "sightings": [{"uuid": "83597429-655c-4484-9dcc-1994e415d382", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20209", "type": "seen", "source": "https://t.me/cibsecurity/44538", "content": "\u203c CVE-2022-20209 \u203c\n\nIn hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-207502397\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-15T18:26:46.000000Z"}, {"uuid": "2763d9d8-0494-475a-bce1-7ebe017ffbd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20201", "type": "seen", "source": "https://t.me/cibsecurity/44537", "content": "\u203c CVE-2022-20201 \u203c\n\nIn getAppSize of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-220733817\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-15T18:26:44.000000Z"}, {"uuid": "e63adcd0-7fbc-4b67-a2c9-1cff21c8b884", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20205", "type": "seen", "source": "https://t.me/cibsecurity/44536", "content": "\u203c CVE-2022-20205 \u203c\n\nIn isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215212561\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-15T18:26:43.000000Z"}, {"uuid": "134810f7-4f49-44b1-8dc1-5e0743183578", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20204", "type": "seen", "source": "https://t.me/cibsecurity/44525", "content": "\u203c CVE-2022-20204 \u203c\n\nIn registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-171495100\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-15T18:26:29.000000Z"}, {"uuid": "f8de86be-b54d-4d15-ba31-8ceb8024f41d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20206", "type": "seen", "source": "https://t.me/cibsecurity/44535", "content": "\u203c CVE-2022-20206 \u203c\n\nIn setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check. This could lead to local information disclosure about enabled notification listeners with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-220737634\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-15T18:26:42.000000Z"}, {"uuid": "3d2b9f73-c6db-4dd0-8a4f-3a18b861a6b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20208", "type": "seen", "source": "https://t.me/cibsecurity/44534", "content": "\u203c CVE-2022-20208 \u203c\n\nIn parseRecursively of cppbor_parse.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192743373\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-15T18:26:41.000000Z"}, {"uuid": "46d8d925-b013-48c2-8b4e-b51a2f062c27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20207", "type": "seen", "source": "https://t.me/cibsecurity/44530", "content": "\u203c CVE-2022-20207 \u203c\n\nIn static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-185513714\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-15T18:26:37.000000Z"}, {"uuid": "5345e8d2-2ae3-4781-b3e7-59a51f86c6bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20201", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/9441", "content": "Android's CVE-2022-20201 (InstalldNativeService)\n\nhttps://pwner.gg/blog/Android's-CVE-2022-20201", "creation_timestamp": "2024-12-13T11:00:41.000000Z"}, {"uuid": "9c87a5fa-2ad0-4936-b70d-4812ef28c1d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20201", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/2423", "content": "Android's CVE-2022-20201 (InstalldNativeService)\nhttps://pwner.gg/blog/Android's-CVE-2022-20201", "creation_timestamp": "2025-05-07T19:09:15.000000Z"}]}