CVE-2023-29731

Exploit

EPSS 0.08%
Veröffentlicht 30.05.2023 20:15:10
Zuletzt bearbeitet 13.01.2025 21:15:11
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Loka ≫ Solive SwPlatformandroid Version >= 1.6.14 <= 1.6.20

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.234

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29731/CVE%20detail.md

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-29731

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-29731

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-29731

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-29731