cbcvebase.
CVE-2021-0313
published 2021-01-11

CVE-2021-0313: In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial…

PriorityP342high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
1.68%
74.0th percentile
In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170968514.

Affected

16 ranges
VendorProductVersion rangeFixed in
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
platformframeworks_minikin>= 10:0 < 10:2021-01-0110:2021-01-01
platformframeworks_minikin>= 11:0 < 11:2021-01-0111:2021-01-01
platformframeworks_minikin>= 8.0:0 < 8.0:2021-01-018.0:2021-01-01
platformframeworks_minikin>= 8.1:0 < 8.1:2021-01-018.1:2021-01-01
platformframeworks_minikin>= 9:0 < 9:2021-01-019:2021-01-01

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.