CVE-2023-29725 - OpenCVE

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Bt21 X Bts Wallpaper Project	Bt21 X Bts Wallpaper

Configuration 1 [-]

cpe:2.3:a:bt21_x_bts_wallpaper_project:bt21_x_bts_wallpaper:12:*:*:*:*:android:*:*

References

Link	Resource
http://bungaakpstudio007.com	Broken Link
https://apkpure.com/cn/bt21-x-bts-wallpaper-hd-4k/com.bungaakp007.bt21wallpaperoffline130920/download/12-APK	Product
https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29725/CVE%20detail.md	Exploit Third Party Advisory
https://play.google.com/store/apps/details?id=com.cuiet.blockCalls	Not Applicable

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-06-02T00:00:00

Updated: 2023-06-02T00:00:00

Reserved: 2023-04-07T00:00:00

Link: CVE-2023-29725

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-06-02T04:15:49.863

Modified: 2023-06-09T16:40:30.467

Link: CVE-2023-29725

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bt21_x_bts_wallpaper_project:bt21_x_bts_wallpaper:12:*:*:*:*:android:*:*", "matchCriteriaId": "2CF3F2D6-8AB5-4BC8-AE16-E927397B454C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack."}, {"lang": "es", "value": "La aplicaci\u00f3n BT21 x BTS Wallpaper v12 para Android permite que aplicaciones no autorizadas soliciten activamente permisos para insertar datos en la base de datos que registra informaci\u00f3n sobre las preferencias personales de un usuario y que se cargar\u00e1 en la memoria para ser le\u00edda y utilizada cuando se abra la aplicaci\u00f3n. Al inyectar datos, el atacante puede forzar a la aplicaci\u00f3n a cargar URLs de im\u00e1genes maliciosas y mostrarlas en la interfaz de usuario. A medida que aumente la cantidad de datos, acabar\u00e1 provocando que la aplicaci\u00f3n desencadene un error \"OOM\" y se bloquee, dando lugar a un ataque persistente de denegaci\u00f3n de servicio. "}], "id": "CVE-2023-29725", "lastModified": "2023-06-09T16:40:30.467", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-02T04:15:49.863", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://bungaakpstudio007.com"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://apkpure.com/cn/bt21-x-bts-wallpaper-hd-4k/com.bungaakp007.bt21wallpaperoffline130920/download/12-APK"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29725/CVE%20detail.md"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://play.google.com/store/apps/details?id=com.cuiet.blockCalls"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}