CVE-2023-29731

HIGH

SoLive 1.6.14-1.6.20 - Denial of Service via SharedPreference Injection

Title source: llm

Description

SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29731/CVE%20detail.md

View Exploit ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0078

EPSS Percentile 51.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-276

Status published

Products (1)

loka/solive 1.6.14 - 1.6.20

Published May 30, 2023

Tracked Since Feb 18, 2026