CVE-2021-0313
published 2021-01-11CVE-2021-0313: In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial…
PriorityP342high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
1.68%
74.0th percentile
In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170968514.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | frameworks_minikin | >= 10:0 < 10:2021-01-01 | 10:2021-01-01 |
| platform | frameworks_minikin | >= 11:0 < 11:2021-01-01 | 11:2021-01-01 |
| platform | frameworks_minikin | >= 8.0:0 < 8.0:2021-01-01 | 8.0:2021-01-01 |
| platform | frameworks_minikin | >= 8.1:0 < 8.1:2021-01-01 | 8.1:2021-01-01 |
| platform | frameworks_minikin | >= 9:0 < 9:2021-01-01 | 9:2021-01-01 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jrrf-28xq-3v3x: In isWordBreakAfter of LayoutUtils
ghsa_unreviewed·2022-05-24
CVE-2021-0313 [HIGH] CWE-20 GHSA-jrrf-28xq-3v3x: In isWordBreakAfter of LayoutUtils
In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170968514.
OSV
CVE-2021-0313: In isWordBreakAfter of LayoutUtils
osv·2021-01-01
CVE-2021-0313 CVE-2021-0313: In isWordBreakAfter of LayoutUtils
In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Android
CVE-2021-0313: Android Security Bulletin 2021-01-01
CVE: CVE-2021-0313
Severity: CRITICAL
Type: DoS
Affected AOSP versions: 8
vendor_android·2021-01-01·CVSS 7.5
CVE-2021-0313 [HIGH] CVE-2021-0313: Android Security Bulletin 2021-01-01
CVE: CVE-2021-0313
Severity: CRITICAL
Type: DoS
Affected AOSP versions: 8
Android Security Bulletin 2021-01-01
CVE: CVE-2021-0313
Severity: CRITICAL
Type: DoS
Affected AOSP versions: 8.0, 8.1, 9, 10, 11
References: A-170968514
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-01-11
Published