CVE-2022-20260Uncontrolled Resource Consumption in Google Android

CWE-400Uncontrolled Resource Consumption2 documents2 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedAug 12
Latest updateAug 13

Description

In the Phone app, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220865698

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5google/androidAndroid-13
NVDgoogle/android13.0

🔴Vulnerability Details

1
GHSA
GHSA-7p9j-v7wx-xrr2: In the Phone app, there is a possible crash loop due to resource exhaustion2022-08-13