CVE-2023-29726

HIGH

Call Blocker 6.6.3 - Denial of Service via Database Injection

Title source: llm

Description

The Call Blocker application 6.6.3 for Android incorrectly opens a key component that an attacker can use to inject large amounts of dirty data into the application's database. When the application starts, it loads the data from the database into memory. Once the attacker injects too much data, the application triggers an OOM error and crashes, resulting in a persistent denial of service.

References (3)

Core 3

Core References

Exploit, Third Party Advisory

https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29726/CVE%20detail.md

View Exploit ZIP pw:eip

Product

https://play.google.com/store/apps/details?id=com.cuiet.blockCalls

Product

https://www.call-blocker.info/

Scores

CVSS v3 7.5

EPSS 0.0118

EPSS Percentile 63.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-404

Status published

Products (1)

applika/call_blocker 6.6.3

Published May 30, 2023

Tracked Since Feb 18, 2026