CVE-2021-0993Uncontrolled Resource Consumption in Google Android

CWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 42.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform Frameworks BaseGoogle Android
Timeline
PublishedDec 15
Latest updateDec 16

Description

In getOffsetBeforeAfter of TextLine.java, there is a possible denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193849901

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5google/androidAndroid-12
NVDgoogle/android12.0
Androidplatform/frameworks_base12:012:2021-12-01

Patches

Patch: source.android.comPatch: source.android.com

🔴Vulnerability Details

2
GHSA
GHSA-h8x7-v99m-g63r: In getOffsetBeforeAfter of TextLine2021-12-16
OSV
CVE-2021-0993: In getOffsetBeforeAfter of TextLine2021-12-01
CVE-2021-0993 — Uncontrolled Resource Consumption | cvebase