CVE-2024-43083Allocation of Resources Without Limits or Throttling in Packages Modules Wifi

CWE-770Allocation of Resources Without Limits or Throttling5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 74.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform Packages Modules WifiGoogle Android
Timeline
PublishedNov 13

Description

In validate of WifiConfigurationUtil.java , there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

Androidplatform/packages_modules_wifi15-next:015-next:2024-11-01+4
CVEListV5google/android5 versions+4
NVDgoogle/android5 versions+4

Patches

Patch: android.googlesource.comPatch: source.android.com

🔴Vulnerability Details

3
CVEList
CVE-2024-43083: In validate of WifiConfigurationUtil2024-11-13
GHSA
GHSA-fvrc-whm3-2jqq: In validate of WifiConfigurationUtil2024-11-13
OSV
CVE-2024-43083: In validate of WifiConfigurationUtil2024-11-01

📋Vendor Advisories

1
Android
CVE-2024-43083: Android Security Bulletin 2024-11-01 CVE: CVE-2024-43083 Severity: HIGH Type: DoS Affected AOSP versions: 12, 12L, 13, 14, 15 References: A-3483522882024-11-01
CVE-2024-43083 — Packages Modules Wifi vulnerability | cvebase