Lucene search

[email protected]CVE-2023-29736

HistoryJun 01, 2023 - 9:15 p.m.

CVE-2023-29736

2023-06-0121:15:09

CWE-22

[email protected]

web.nvd.nist.gov

cve-2023-29736

keyboard themes

android

dictionary traversal

vulnerability

unauthorized apps

arbitrary code execution

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

JSON

Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code execution.

Affected configurations

NVD

Node

timmystudioskeyboard_themesMatch1.275.1.164android

CPENameOperatorVersion
timmystudios:keyboard_themestimmystudios keyboard themeseq1.275.1.164

CPE	Name	Operator	Version
timmystudios:keyboard_themes	timmystudios keyboard themes	eq	1.275.1.164

References

github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29736/CVE%20detail.md

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

JSON

Related for CVE-2023-29736

prion1 nvd1 cvelist1