CVERadar

CVE-2024-47021

High Severity
Vendor: Google
SVRS: 68/100
CVSSv3: 7.5/10
EPSS: 0.00036/1

CVE-2024-47021 is a critical security vulnerability found in sms_CellBroadcast.c, leading to potential information disclosure. This out-of-bounds read issue stems from a missing bounds check in the sms_ExtractCbLanguage function. The SVRS score of 68 indicates a significant risk. Although it is not in the immediately critical range (above 80), organizations should still prioritize assessment and potential patching. Successful exploitation of CVE-2024-47021 allows attackers to remotely access sensitive information without needing any user interaction or elevated privileges. The presence of this CVE "In The Wild" increases its urgency and highlights the risk of it being actively exploited. Even though the CVSS score is 7.5, the real-world risk indicated by the SVRS suggests a more cautious approach is warranted. Addressing this vulnerability will prevent unauthorized data access and maintain system security.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2024-10-25

2024-10-28
SOCRadar AI Insight

Description

CVE-2024-47021 is a vulnerability in sms_ExtractCbLanguage of sms_CellBroadcast.c, which could lead to remote information disclosure with no additional execution privileges needed. The vulnerability has a CVSS score of 0, indicating a low severity. However, SOCRadar's SVRS assigns it a score of 34, indicating a moderate risk.

Key Insights

  • The vulnerability allows an attacker to read sensitive information remotely without requiring any user interaction.
  • The vulnerability is relatively easy to exploit, as it does not require any special privileges or technical expertise.
  • The vulnerability could be used to obtain sensitive information such as phone numbers, text messages, and location data.

Mitigation Strategies

  • Update to the latest version of the affected software.
  • Disable the affected feature if possible.
  • Implement additional security measures such as firewalls and intrusion detection systems.

Additional Information

  • There are no known threat actors or APT groups actively exploiting this vulnerability.
  • There are no active exploits published for this vulnerability.
  • CISA has not issued a warning for this vulnerability.
  • The vulnerability is not known to be used in the wild.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-47021 | Google Android sms_CellBroadcast.c sms_ExtractCbLanguage out-of-bounds
vuldb.com, 2024-10-26
A vulnerability was found in Google Android. It has been classified as problematic. This affects the function sms_ExtractCbLanguage of the file sms_CellBroadcast.c. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2024-47021. It is possible to initiate

Social Media

CVE-2024-47021 In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosur… https://t.co/PTmd3tYbXn

Affected Software

Configuration 1
Type: OS
Vendor: Google
Product: android

References

Reference: [email protected]
Link: https://source.android.com/security/bulletin/pixel/2024-10-01

CWE Details

CWE ID: CWE-125
CWE Name: Out-of-bounds Read
Description: The software reads data past the end, or before the beginning, of the intended buffer.
