CVE-2023-20966

7.8 HIGH

📋 TL;DR

This CVE describes a heap buffer overflow in inflate(), the DEFLATE decompressor in inflate.c, as shipped in Android's core system code. An attacker who already runs code on the device (for example as a malicious or compromised app) could trigger the out-of-bounds write and escalate to higher privileges; no user interaction is required. Android 11 through 13 are affected.

💻 Affected Systems

Products:
  • Android
Versions: Android 11, Android 12, Android 12L, Android 13
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected Android versions are vulnerable by default. The vulnerability is in the core Android system library.

📦 What is this software?

Android is Google's open-source mobile operating system. The vulnerable code is inflate(), the decompressor for the DEFLATE format (the compression used by gzip and zip streams) in inflate.c. Because it sits in a core system library rather than in a single app, the bug is fixed only by an OS-level security update.
⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise with root/system-level access, allowing installation of persistent malware, theft of on-device data, and bypass of the platform's security controls.

🟠 Likely Case

Local privilege escalation: an attacker with a foothold (typically a malicious app) executes arbitrary code with elevated permissions, leading to data exfiltration or further compromise of the device.

🟢 If Mitigated

Limited impact on fully patched devices. On unpatched devices, SELinux in enforcing mode and the app sandbox still constrain what a compromised process can reach, but they do not prevent the overflow itself.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No (local code execution on the device is required)
Complexity: MEDIUM

Exploitation requires local code execution on the device, for example through a malicious or compromised app. No user interaction is needed once the attacker has that foothold.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Bulletin, March 2023 (security patch level 2023-03-01 or later)

Vendor Advisory: https://source.android.com/security/bulletin/2023-03-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update.
2. Install the March 2023 security patch (or any later patch level).
3. Reboot the device after installation completes.

🔧 Temporary Workarounds

No workarounds available. This is a core system library vulnerability and can only be fixed by an OS-level patch.

🧯 If You Can't Patch

  • Restrict what can run on the device: the attack vector is local code execution, so use device management to block sideloading from unknown sources, restrict installable apps, and keep Google Play Protect (or an equivalent app-vetting control) enabled
  • Restrict physical access to devices and enforce strong device management policies
  • Monitor for suspicious privilege escalation attempts, native crashes in system processes, and unusual process behavior

🔍 How to Verify

Check if Vulnerable:

Check the Android version in Settings > About phone > Android version. A device on Android 11, 12, 12L, or 13 whose security patch level is earlier than 2023-03-01 is vulnerable. The patch level, not the Android version, is the authoritative signal: an OEM may have backported the fix while keeping an older Android release.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify that the security patch level entry in Settings > About phone (its label varies by OEM) shows 2023-03-01 or later, or that `ro.build.version.security_patch` reports 2023-03-01 or later.
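The check above, turned into a script for fleet use. This is an added example, not part of the Android bulletin or of any Android tooling. It assumes the fix ships with the 2023-03-01 security patch level and that `ro.build.version.release` and `ro.build.version.security_patch` are the properties to read (Android 12L reports its release as "12"); `is_vulnerable` and `check_device` are names chosen here.

```shell
# Added example, not from the bulletin or from Android: decide from build
# properties whether a device still lacks the fix for CVE-2023-20966.
# Assumption: the fix ships with the 2023-03-01 security patch level (March
# 2023 bulletin). An OEM that backported the fix while keeping an older patch
# level would be reported as vulnerable here; without source access the
# patch level is still the only signal available.
FIX_PATCH_LEVEL="2023-03-01"

# is_vulnerable RELEASE PATCH_LEVEL
#   RELEASE      value of ro.build.version.release, e.g. "13"
#                (Android 12L reports "12", so it falls under that case)
#   PATCH_LEVEL  value of ro.build.version.security_patch, e.g. "2023-02-05"
# Returns 0 when the device needs the patch, 1 otherwise.
is_vulnerable() {
    release="$1"
    patch="$2"
    case "$release" in
        11|12|13) ;;                  # affected releases
        *) return 1 ;;                # not listed as affected
    esac
    # Compare as YYYYMMDD integers; an unparsable patch level is treated as
    # vulnerable rather than silently passed.
    have=$(printf '%s' "$patch" | sed 's/-//g')
    want=$(printf '%s' "$FIX_PATCH_LEVEL" | sed 's/-//g')
    case "$have" in
        ''|*[!0-9]*) return 0 ;;
    esac
    [ "$have" -lt "$want" ]
}

# check_device: read both properties from the device attached over adb and
# print a verdict. Requires adb and USB debugging; not called automatically.
check_device() {
    release=$(adb shell getprop ro.build.version.release | tr -d '\r')
    patch=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    if is_vulnerable "$release" "$patch"; then
        echo "Android $release, patch level $patch: VULNERABLE, needs $FIX_PATCH_LEVEL or later"
        return 1
    fi
    echo "Android $release, patch level $patch: patched or not affected"
}
```

Run `check_device` with a device attached; `is_vulnerable` can also be fed values exported from an MDM inventory. The date comparison works because the patch level is an ISO date, so stripping the dashes yields an integer that orders correctly.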

📡 Detection & Monitoring

Log Indicators:

  • Processes acquiring privileges or capabilities they do not normally hold
  • SELinux audit lines (avc: denied) from app processes probing privileged files, devices or services; the decompressor itself does not generate denials, but a local attacker preparing an escalation often does
  • Native crashes (logcat "Fatal signal" entries, tombstones) in system processes, which can indicate a failed overflow attempt

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Not applicable for network detection. Focus on endpoint telemetry: forward logcat and tombstones from managed devices and alert on native crashes of system processes and on SELinux denials from the same app shortly before a crash.
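A triage of the two endpoint signals listed above over a logcat dump. This is an added example, not from the original page or from Android; the log lines in `SAMPLE_LOG` are constructed for the demo in logcat threadtime layout, the process list in `SYSTEM_PROCS` is an arbitrary starting point, and the function names are chosen here.

```shell
# Added example, not from the original page: triage a logcat dump for native
# crashes in system processes and SELinux (avc) denials, and correlate them by
# pid. SAMPLE_LOG is constructed for this demo in logcat "threadtime" layout
# (date time pid tid level tag); a real dump comes from `adb logcat -d -v threadtime`.
SAMPLE_LOG=$(cat <<'EOF'
03-15 10:21:58.001  1234  1234 I ActivityManager: Start proc 9876:com.example.app/u0a123 for activity {com.example.app/.Main}
03-15 10:22:00.300  9876  9876 W com.example.app: type=1400 audit(0.0:77): avc: denied { read } for name="sockets" dev="tmpfs" ino=1 scontext=u:r:untrusted_app:s0:c123,c256,c512,c768 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
03-15 10:22:00.301  9876  9876 W com.example.app: type=1400 audit(0.0:78): avc: denied { write } for path="/dev/block/dm-0" scontext=u:r:untrusted_app:s0:c123,c256,c512,c768 tcontext=u:object_r:dm_device:s0 tclass=blk_file permissive=0
03-15 10:22:01.123  9876  9876 F libc    : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x41414141 in tid 9876 (com.example.app), pid 9876 (com.example.app)
03-15 10:22:01.500   611   611 F DEBUG   : pid: 9876, tid: 9876, name: com.example.app  >>> com.example.app <<<
03-15 10:22:09.800  1234  2222 F libc    : Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 2222 (Binder:1234_3), pid 1234 (system_server)
03-15 10:22:10.010   611   611 F DEBUG   : pid: 1234, tid: 2222, name: Binder:1234_3  >>> system_server <<<
EOF
)

# System processes whose crash matters more than an app crash; extend as needed.
SYSTEM_PROCS='system_server|zygote|zygote64|surfaceflinger|mediaserver'

# fatal_signals LOG: one "pid process signal" line per libc "Fatal signal" entry.
fatal_signals() {
    printf '%s\n' "$1" |
        sed -n 's/.*Fatal signal [0-9]* (\([A-Z]*\)).* pid \([0-9]*\) (\([^)]*\)).*/\2 \3 \1/p'
}

# system_crash_count LOG: number of native crashes in SYSTEM_PROCS.
system_crash_count() {
    fatal_signals "$1" | grep -Ec " ($SYSTEM_PROCS) " || true
}

# denied_contexts LOG: unique "scontext tclass permission" triples from avc
# lines, i.e. what a process tried to touch that policy forbids.
denied_contexts() {
    printf '%s\n' "$1" |
        sed -n 's/.*avc: denied { \([a-z_]*\) }.*scontext=\([^ ]*\) .*tclass=\([a-z_]*\).*/\2 \3 \1/p' |
        sort -u
}

# correlate_pids LOG: pids that raised denials and also crashed natively, the
# footprint a failed local exploit attempt tends to leave behind.
correlate_pids() {
    crashed=$(fatal_signals "$1" | cut -d' ' -f1 | sort -u)
    denied=$(printf '%s\n' "$1" | awk '/avc: denied/ { print $3 }' | sort -u)
    # a pid present in both de-duplicated lists appears twice in the union
    printf '%s\n' "$crashed" "$denied" | sort | uniq -d | sed '/^$/d'
}

# Stand-alone run against the constructed sample.
echo "system-process crashes: $(system_crash_count "$SAMPLE_LOG")"
echo "denied contexts:"
denied_contexts "$SAMPLE_LOG"
echo "pids with denials and a crash: $(correlate_pids "$SAMPLE_LOG")"
```

Against the sample, the app pid 9876 shows both denials and a SIGSEGV, and system_server shows one SIGABRT. Neither signal alone proves exploitation of this CVE (apps crash and trip denials for benign reasons), but the combination from one pid, or any native crash in a system process on an unpatched device, is worth a tombstone review.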
