{"vulnerability": "CVE-2022-20338", "sightings": [{"uuid": "c9b3ebd9-aa08-4833-946c-ed381f8c12e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20338", "type": "seen", "source": "https://t.me/arpsyndicate/272", "content": "#ExploitObserverAlert\n\nCVE-2022-20338\n\nDESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-20338. In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-171966843\n\nFIRST-EPSS: 0.000420000\nNVD-IS: 1.4\nNVD-ES: 1.8", "creation_timestamp": "2023-11-19T15:15:39.000000Z"}, {"uuid": "c4efa345-e721-4c54-9cf2-995ad8dc035d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20338", "type": "seen", "source": "https://t.me/cibsecurity/48036", "content": "\u203c CVE-2022-20338 \u203c\n\nIn Core Utilities, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-171966843\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T18:33:39.000000Z"}, {"uuid": "487a7441-efdc-4bd5-bff6-40f0fa2fa9ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20338", "type": "seen", "source": "https://t.me/arpsyndicate/227", "content": "#ExploitObserverAlert\n\nCVE-2022-20338\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-20338. In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-171966843\n\nFIRST-EPSS: 0.000420000\nNVD-IS: 1.4\nNVD-ES: 1.8", "creation_timestamp": "2023-11-17T07:02:37.000000Z"}]}