Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-21253

In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE
#android#google#dos#java#auth

)]}’ { "commit": "84df68840b6f2407146e722ebd95a7d8bc6e3529", "tree": "fa1d11ee55cadaec79afb4b3e328a68efcb90e62", "parents": [ “57946e2bb73850e817b3c01fa5350d705e178e39” ], "author": { "name": "Michael Groover", "email": "[email protected]", "time": “Fri Mar 31 21:31:22 2023 +0000” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Thu May 11 18:40:02 2023 +0000” }, "message": "Limit the number of supported v1 and v2 signers\n\nThe v1 and v2 APK Signature Schemes support multiple signers; this\nwas intended to allow multiple entities to sign an APK. Previously,\nthe platform had no limits placed on the number of signers supported\nin an APK, but this commit sets a hard limit of 10 supported signers\nfor these signature schemes to ensure a large number of signers\ndoes not place undue burden on the platform.\n\nBug: 266580022\nTest: Manually verified the platform only allowed an APK with the\n maximum number of supported signers.\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6f6ee8a55f37c2b8c0df041b2bd53ec928764597)\nMerged-In: I6aa86b615b203cdc69d58a593ccf8f18474ca091\nChange-Id: I6aa86b615b203cdc69d58a593ccf8f18474ca091\n", "tree_diff": [ { "type": "modify", "old_id": "c8c1fd4eba21b64e1ecfc1c4909085dcbd1b3395", "old_mode": 33188, "old_path": "core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java", "new_id": "9801559854f931765f273395bae7398a2c7114eb", "new_mode": 33188, "new_path": “core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java” }, { "type": "modify", "old_id": "45254908c5c967400cfeb77b3f3f873f72ae9571", "old_mode": 33188, "old_path": "core/java/android/util/jar/StrictJarVerifier.java", "new_id": "a6aca330d323ebf85f74d6aaa59ccc1894fbb91f", "new_mode": 33188, "new_path": “core/java/android/util/jar/StrictJarVerifier.java” } ] }

Related news

CVE-2023-6273: December

Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907