HIGH · 8.9

CVE-2022-29580

Vulnerability Description

There exists a path traversal vulnerability in the Android Google Search app. This is caused by the incorrect usage of uri.getLastPathSegment. A symbolic encoded string can bypass the path logic to get access to unintended directories. An attacker can manipulate paths that could lead to code execution on the device. We recommend upgrading beyond version 13.41.

CVSS Score

8.9

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: LOW

Affected Products

Vendor | Product | Versions
Google | Google Search | < 13.41

Related Weaknesses (CWE)

References

FAQ

What is CVE-2022-29580?

CVE-2022-29580 is a vulnerability with a CVSS score of 8.9 (HIGH). There exists a path traversal vulnerability in the Android Google Search app. This is caused by the incorrect usage of uri.getLastPathSegment. A symbolic encoded string can bypass the path logic to ge...

How severe is CVE-2022-29580?

CVE-2022-29580 has been rated HIGH with a CVSS base score of 8.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-29580?

Check the references section above for vendor advisories and patch information. Affected products include: Google Google Search.