{
  "id": "CVE-2023-40074",
  "sourceIdentifier": "security@android.com",
  "published": "2023-12-04T23:15:23.607",
  "lastModified": "2024-02-02T16:29:22.447",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
    },
    {
      "lang": "es",
      "value": "En saveToXml de PersistableBundle.java, los datos no v\u00e1lidos podr\u00edan provocar una denegaci\u00f3n de servicio persistente local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://android.googlesource.com/platform/frameworks/base/+/40e4ea759743737958dde018f3606d778f7a53f3",
      "source": "security@android.com",
      "tags": [
        "Mailing List",
        "Patch"
      ]
    },
    {
      "url": "https://source.android.com/security/bulletin/2023-12-01",
      "source": "security@android.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}