PT-2023-17937 · Google · Android

Published: 2023-06-01 · Updated: 2024-12-18 · CVE-2023-21144

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Android versions Android-11 through Android-13

Description

The issue is related to a possible temporary denial of service due to long-running operations in the doInBackground method of NotificationContentInflater.java. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations

For Android versions Android-11 through Android-13, consider restricting or optimizing the doInBackground method of NotificationContentInflater.java to prevent long-running operations that could lead to denial of service. As a temporary workaround, consider implementing measures to limit the impact of remote denial of service attacks until a patch is available.

Fix

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

ASB-A-252766417
CVE-2023-21144

Affected Products

Android