CVE-2023-21176Uncontrolled Resource Consumption in System Security

CWE-400Uncontrolled Resource ConsumptionCWE-770Allocation of Resources Without Limits or Throttling4 documents4 sources
Severity
4.4MEDIUMNVD
EPSS
0.0%
top 90.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform System SecurityGoogle Android
Timeline
PublishedJun 28

Description

In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222287335

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages3 packages

Androidplatform/system_security13-next:013-next:2023-06-01+1
CVEListV5google/androidAndroid-13
NVDgoogle/android13.0

🔴Vulnerability Details

3
GHSA
GHSA-rwh2-qmx3-w2p5: In list_key_entries of utils2023-06-28
CVEList
CVE-2023-21176: In list_key_entries of utils2023-06-28
OSV
CVE-2023-21176: In list_key_entries of utils2023-06-01
CVE-2023-21176 — Uncontrolled Resource Consumption | cvebase