CVE-2023-20910 — Uncontrolled Resource Consumption in Google Android

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 92.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android

Timeline

PublishedMar 24

Latest updateJul 1

Description

In add of WifiNetworkSuggestionsManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5google/android4 versions+3

▶NVDgoogle/android4 versions+3

▶googlegoogle/android

🔴Vulnerability Details

OSV

CVE-2023-20910: In add of WifiNetworkSuggestionsManager↗2023-03-24

▶

GHSA

GHSA-8499-278q-xrph: In addNetworkSuggestions of WifiManager↗2023-03-24

▶

📋Vendor Advisories

Android

CVE-2023-20910: Android Security Bulletin 2023-07-01 CVE: CVE-2023-20910 Severity: HIGH Type: DoS Affected AOSP versions: 11, 12, 12L, 13 References: A-245299920 [2]↗2023-07-01

▶