Infinite Loop Vulnerability in Intent.java of Android Framework
CVE-2024-40675

7.5 HIGH

Key Information:

Vendor: Google
Status
Vendor
CVE Published: 28 January 2025

Summary

A vulnerability exists in the parseUriInternal function of Intent.java in the Android framework. Insufficient input validation in this function can lead to an infinite loop. Exploitation could result in a local denial of service, letting an attacker disrupt device functionality with no additional execution privileges needed. User interaction is not required for exploitation.

Affected Version(s)

Android 14

Android 13

Android 12L

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
