CVE-2024-43764: Regex Denial of Service in Google Android

Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 99.50%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 3
Latest update: Aug 23

Description

In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to partially bypass lock screen. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: google/android 13, 14 (+1)
NVD: google/android 13.0, 14.0 (+1)

Patches

🔴 Vulnerability Details (3)

GHSA: Liferay Portal ReDoS with Role Name search in KaleoDesignerPortlet (2025-08-23)
GHSA: GHSA-2vvg-qw4w-m46v: In onPrimaryClipChanged of ClipboardListener (2025-01-03)
CVEList: CVE-2024-43764: In onPrimaryClipChanged of ClipboardListener (2025-01-02)

📋 Vendor Advisories (1)

Android: CVE-2024-43764: Android Security Bulletin 2024-12-01 (2024-12-01)
CVE: CVE-2024-43764
Severity: HIGH
Type: EoP
Affected AOSP versions: 13, 14
References: A-317048495