CVE-2024-40675Infinite Loop in Google Android

CWE-835Infinite Loop5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 62.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedJan 28

Description

In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5google/android4 versions+3
NVDgoogle/android4 versions+3

🔴Vulnerability Details

3
OSV
CVE-2024-40675: In parseUriInternal of Intent2025-01-28
GHSA
GHSA-wq23-xq9q-wf8w: In parseUriInternal of Intent2025-01-28
CVEList
CVE-2024-40675: In parseUriInternal of Intent2025-01-28

📋Vendor Advisories

1
Android
CVE-2024-40675: Android Security Bulletin 2024-10-01 CVE: CVE-2024-40675 Severity: HIGH Type: DoS Affected AOSP versions: 12, 12L, 13, 14 References: A-3186831262024-10-01
CVE-2024-40675 — Infinite Loop in Google Android | cvebase