Lucene search

[email protected]CVE-2023-21090

HistoryApr 19, 2023 - 8:15 p.m.

CVE-2023-21090

2023-04-1920:15:11

CWE-400

[email protected]

web.nvd.nist.gov

cve-2023-21090

android

parsingpackageutils

denial of service

resource exhaustion

local

exploit

5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

In parseUsesPermission of ParsingPackageUtils.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-259942609

Affected configurations

NVD

Node

googleandroidMatch13.0

CPENameOperatorVersion
google:androidgoogle androideq13.0

CPE	Name	Operator	Version
google:android	google android	eq	13.0

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Android",
    "versions": [
      {
        "version": "Android-13",
        "status": "affected"
      }
    ]
  }
]

References

source.android.com/security/bulletin/2023-04-01

5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

Related for CVE-2023-21090

nvd1 osv1 prion1 cvelist1