CVE-2023-29725

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://bungaakpstudio007.com	Broken Link
https://apkpure.com/cn/bt21-x-bts-wallpaper-hd-4k/com.bungaakp007.bt21wallpaperoffline130920/download/12-APK	Product
https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29725/CVE%20detail.md	Exploit Third Party Advisory
https://play.google.com/store/apps/details?id=com.cuiet.blockCalls	Not Applicable

Configurations

Configuration 1 (hide)

cpe:2.3:a:bt21_x_bts_wallpaper_project:bt21_x_bts_wallpaper:12:*:*:*:*:android:*:*

History

No history.

Information

Published : 2023-06-02 04:15

Updated : 2023-06-09 16:40

NVD link : CVE-2023-29725

Mitre link : CVE-2023-29725

CVE.ORG link : CVE-2023-29725

JSON object : View

Products Affected

bt21_x_bts_wallpaper_project

bt21_x_bts_wallpaper

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-29725", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2023-06-02T04:15:49.863", "references": [{"url": "http://bungaakpstudio007.com", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://apkpure.com/cn/bt21-x-bts-wallpaper-hd-4k/com.bungaakp007.bt21wallpaperoffline130920/download/12-APK", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29725/CVE%20detail.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://play.google.com/store/apps/details?id=com.cuiet.blockCalls", "tags": ["Not Applicable"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack."}, {"lang": "es", "value": "La aplicaci\u00f3n BT21 x BTS Wallpaper v12 para Android permite que aplicaciones no autorizadas soliciten activamente permisos para insertar datos en la base de datos que registra informaci\u00f3n sobre las preferencias personales de un usuario y que se cargar\u00e1 en la memoria para ser le\u00edda y utilizada cuando se abra la aplicaci\u00f3n. Al inyectar datos, el atacante puede forzar a la aplicaci\u00f3n a cargar URLs de im\u00e1genes maliciosas y mostrarlas en la interfaz de usuario. A medida que aumente la cantidad de datos, acabar\u00e1 provocando que la aplicaci\u00f3n desencadene un error \"OOM\" y se bloquee, dando lugar a un ataque persistente de denegaci\u00f3n de servicio. "}], "lastModified": "2023-06-09T16:40:30.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bt21_x_bts_wallpaper_project:bt21_x_bts_wallpaper:12:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "2CF3F2D6-8AB5-4BC8-AE16-E927397B454C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}