CVE-2023-29725

{"id": "CVE-2023-29725", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2023-06-02T04:15:49.863", "references": [{"url": "http://bungaakpstudio007.com", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://apkpure.com/cn/bt21-x-bts-wallpaper-hd-4k/com.bungaakp007.bt21wallpaperoffline130920/download/12-APK", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29725/CVE%20detail.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://play.google.com/store/apps/details?id=com.cuiet.blockCalls", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "http://bungaakpstudio007.com", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://apkpure.com/cn/bt21-x-bts-wallpaper-hd-4k/com.bungaakp007.bt21wallpaperoffline130920/download/12-APK", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29725/CVE%20detail.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://play.google.com/store/apps/details?id=com.cuiet.blockCalls", "tags": ["Not Applicable"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack."}, {"lang": "es", "value": "La aplicaci\u00f3n BT21 x BTS Wallpaper v12 para Android permite que aplicaciones no autorizadas soliciten activamente permisos para insertar datos en la base de datos que registra informaci\u00f3n sobre las preferencias personales de un usuario y que se cargar\u00e1 en la memoria para ser le\u00edda y utilizada cuando se abra la aplicaci\u00f3n. Al inyectar datos, el atacante puede forzar a la aplicaci\u00f3n a cargar URLs de im\u00e1genes maliciosas y mostrarlas en la interfaz de usuario. A medida que aumente la cantidad de datos, acabar\u00e1 provocando que la aplicaci\u00f3n desencadene un error \"OOM\" y se bloquee, dando lugar a un ataque persistente de denegaci\u00f3n de servicio. "}], "lastModified": "2025-01-08T21:15:08.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bt21_x_bts_wallpaper_project:bt21_x_bts_wallpaper:12:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "2CF3F2D6-8AB5-4BC8-AE16-E927397B454C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}