CVE-2024-43093
BaseFortify

Publication date: 2024-11-13

Last updated on: 2025-10-23

Assigner: Android (associated with Google Inc. or Open Handset Alliance)

Description
In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Meta Information

Published: 2024-11-13

Last Modified: 2025-10-23

Generated: 2026-06-12

AI Q&A: 2024-11-13

EPSS Evaluated: 2026-06-10

Affected Vendors & Products
Showing 5 associated CPEs

Vendor    Product    Version / Range
google    android    12.0
google    android    12.1
google    android    13.0
google    android    15.0
google    android    14.0

CWE ID: CWE-176

CWE Description: The product does not properly handle when an input contains Unicode encoding.

Executive Summary

This vulnerability, identified as CVE-2024-43093, is a flaw in shouldHideDocument of ExternalStorageProvider.java, the part of the Android system that is supposed to prevent access to sensitive directories. Because the file path filter handles Unicode normalization incorrectly, it can be bypassed, which may allow unauthorized access to these files. Exploitation requires user interaction.

Impact Analysis

If you use an affected Android device, this vulnerability could allow a local attacker to gain access to sensitive files on your device without needing additional execution privileges, although user interaction is required. This could lead to unauthorized access to personal information or other sensitive data.
