CVE-2023-21253

Опубликовано: 06 окт. 2023

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Ссылки

https://android.googlesource.com/platform/frameworks/base/+/84df68840b6f2407146e722ebd95a7d8bc6e3529
Mailing List
Patch
https://android.googlesource.com/platform/tools/apksig/+/039f815895f62c9f8af23df66622b66246f3f61e
Mailing List
Patch
https://android.googlesource.com/platform/tools/apksig/+/41d882324288085fd32ae0bb70dc85f5fd0e2be7
Mailing List
Patch
https://source.android.com/security/bulletin/2023-10-01
Patch
Vendor Advisory
https://android.googlesource.com/platform/frameworks/base/+/84df68840b6f2407146e722ebd95a7d8bc6e3529
Mailing List
Patch
https://android.googlesource.com/platform/tools/apksig/+/039f815895f62c9f8af23df66622b66246f3f61e
Mailing List
Patch
https://android.googlesource.com/platform/tools/apksig/+/41d882324288085fd32ae0bb70dc85f5fd0e2be7
Mailing List
Patch
https://source.android.com/security/bulletin/2023-10-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00058

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-400

Связанные уязвимости

CVE-2023-21253

CVSS3: 5.5

ubuntu

больше 2 лет назад

GHSA-2chj-m9fw-9mf5

CVSS3: 5.5

github

больше 2 лет назад

EPSS

Процентиль: 18%

0.00058

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-400