Vulnerability Description
The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bt21 X Bts Wallpaper Project | Bt21 X Bts Wallpaper | 12 |
References
- http://bungaakpstudio007.comBroken Link
- https://apkpure.com/cn/bt21-x-bts-wallpaper-hd-4k/com.bungaakp007.bt21wallpaperoProduct
- https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29725/CVE%20detail.mdExploitThird Party Advisory
- https://play.google.com/store/apps/details?id=com.cuiet.blockCallsNot Applicable
- http://bungaakpstudio007.comBroken Link
- https://apkpure.com/cn/bt21-x-bts-wallpaper-hd-4k/com.bungaakp007.bt21wallpaperoProduct
- https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29725/CVE%20detail.mdExploitThird Party Advisory
- https://play.google.com/store/apps/details?id=com.cuiet.blockCallsNot Applicable
FAQ
What is CVE-2023-29725?
CVE-2023-29725 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preference...
How severe is CVE-2023-29725?
CVE-2023-29725 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-29725?
Check the references section above for vendor advisories and patch information. Affected products include: Bt21 X Bts Wallpaper Project Bt21 X Bts Wallpaper.