CVE-2023-29748

Опубликовано: 01 июн. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Story Saver for Instragram - Video Downloader 1.0.6 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service.

Ссылки

https://apksos.com/app/story.saver.downloader.photo.video.repost.byrk
Product
https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29748/CVE%20detail.md
Exploit
Third Party Advisory
https://play.google.com/store/apps/details?id=ru.yandex.yandexnavi
Not Applicable
https://www.instagram.com/nihans_macrame/
Not Applicable
https://apksos.com/app/story.saver.downloader.photo.video.repost.byrk
Product
https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29748/CVE%20detail.md
Exploit
Third Party Advisory
https://play.google.com/store/apps/details?id=ru.yandex.yandexnavi
Not Applicable
https://www.instagram.com/nihans_macrame/
Not Applicable

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:story_saver_for_instagram_-_video_downloader_project:story_saver_for_instagram_-_video_downloader:1.0.6:*:*:*:*:android:*:*

EPSS

Процентиль: 45%

0.00226

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-fqwp-fg4q-6w25