Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-0049

Summary
Assigner-google_android
Assigner Org ID-baff130e-b8d5-4e15-b3d3-c3cf5d5545c6
Published At-06 Apr, 2026 | 18:20
Updated At-13 Apr, 2026 | 16:57
Rejected At-
Credits

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:google_android
Assigner Org ID:baff130e-b8d5-4e15-b3d3-c3cf5d5545c6
Published At:06 Apr, 2026 | 18:20
Updated At:13 Apr, 2026 | 16:57
Rejected At:
▼CVE Numbering Authority (CNA)

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products
Vendor
Google LLCGoogle
Product
Android
Default Status
unaffected
Versions
Affected
  • 16-qpr2
  • 16
  • 15
  • 14
Problem Types
TypeCWE IDDescription
N/AN/ADenial of service
Type: N/A
CWE ID: N/A
Description: Denial of service
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Cxxsheng (曹圣) and Yanjie Zhao (赵彦杰) of Huazhong University of Science and Technology (华中科技大学) and Canyie(石松洲) of LSPosed Team.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/docs/security/bulletin/2026/2026-04-01
vendor-advisory
Hyperlink: https://source.android.com/docs/security/bulletin/2026/2026-04-01
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@android.com
Published At:06 Apr, 2026 | 19:16
Updated At:10 Apr, 2026 | 18:54

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Google LLC
google
>>android>>14.0
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
Google LLC
google
>>android>>15.0
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
Google LLC
google
>>android>>16.0
cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
Google LLC
google
>>android>>16.0
cpe:2.3:o:google:android:16.0:qpr2_beta_1:*:*:*:*:*:*
Google LLC
google
>>android>>16.0
cpe:2.3:o:google:android:16.0:qpr2_beta_2:*:*:*:*:*:*
Google LLC
google
>>android>>16.0
cpe:2.3:o:google:android:16.0:qpr2_beta_3:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-400
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://source.android.com/docs/security/bulletin/2026/2026-04-01security@android.com
Vendor Advisory
Hyperlink: https://source.android.com/docs/security/bulletin/2026/2026-04-01
Source: security@android.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

124Records found
CVE-2023-20910
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.92%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-28 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In add of WifiNetworkSuggestionsManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-23580
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 53.40%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:32
Updated-22 Apr, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Abort caused by allocating a vector that is too large in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2023-20930
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.52%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 00:00
Updated-24 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-250576066

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-47356
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4||MEDIUM
EPSS-0.01% / 1.68%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 05:27
Updated-26 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In log service, there is a missing permission check. This could lead to local denial of service in log service.

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t610t820sc9832et760t606s8000t616t310androidt618sc7731et612sc9863at770SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-47354
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4||MEDIUM
EPSS-0.01% / 1.68%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 05:26
Updated-26 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In log service, there is a missing permission check. This could lead to local denial of service in log service.

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t610t820sc9832et760t606s8000t616t310androidt618sc7731et612sc9863at770SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-47355
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4||MEDIUM
EPSS-0.01% / 1.68%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 05:27
Updated-26 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In log service, there is a missing permission check. This could lead to local denial of service in log service.

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t610t820sc9832et760t606s8000t616t310androidt618sc7731et612sc9863at770SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-47370
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5||MEDIUM
EPSS-0.01% / 2.42%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 05:28
Updated-26 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t610t820sc9832et760t606s8000t616t310androidt618sc7731et612sc9863at770SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-43763
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.37%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 23:04
Updated-22 Apr, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of service due to a logic error in the code. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-39125
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.51%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38687
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.57%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-862
Missing Authorization
CVE-2022-39123
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.51%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-39128
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.51%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38677
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.57%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In cell service, there is a missing permission check. This could lead to local denial of service in cell service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-862
Missing Authorization
CVE-2022-38679
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.57%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-862
Missing Authorization
CVE-2022-39126
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.51%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-39124
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.51%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-39127
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.51%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38674
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.53%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 05:27
Updated-26 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t610t820sc9832et760t606s8000t616t310androidt618sc7731et612sc9863at770SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-55559
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.23%
||
7 Day CHG~0.00%
Published-25 Sep, 2025 | 00:00
Updated-03 Oct, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D.

Action-Not Available
Vendor-n/aGoogle LLC
Product-tensorflown/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-3509
Matching Score-6
Assigner-Google LLC
ShareView Details
Matching Score-6
Assigner-Google LLC
CVSS Score-7.5||HIGH
EPSS-0.14% / 33.37%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 18:09
Updated-22 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Parsing issue in protobuf textformat

A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.

Action-Not Available
Vendor-Google LLC
Product-protobuf-javaliteprotobuf-javaProtocolBuffers
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-3510
Matching Score-6
Assigner-Google LLC
ShareView Details
Matching Score-6
Assigner-Google LLC
CVSS Score-7.5||HIGH
EPSS-0.09% / 24.74%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 16:35
Updated-22 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Parsing issue in protobuf message-type extension

A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.

Action-Not Available
Vendor-Google LLC
Product-protobuf-javaliteprotobuf-javaProtocolBuffers
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-0690
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.52%
||
7 Day CHG~0.00%
Published-06 Jul, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36592202.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-48569
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.77%
||
7 Day CHG-0.00%
Published-08 Dec, 2025 | 17:27
Updated-08 Dec, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-48576
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.77%
||
7 Day CHG-0.00%
Published-08 Dec, 2025 | 16:57
Updated-17 Dec, 2025 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-48590
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.77%
||
7 Day CHG-0.00%
Published-08 Dec, 2025 | 16:57
Updated-17 Dec, 2025 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In verifyAndGetBypass of AppOpsService.java, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-48584
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.77%
||
7 Day CHG-0.00%
Published-08 Dec, 2025 | 16:57
Updated-17 Dec, 2025 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-48609
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.1||CRITICAL
EPSS-0.02% / 3.85%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 18:42
Updated-08 Apr, 2026 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-48615
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.38%
||
7 Day CHG~0.00%
Published-08 Dec, 2025 | 16:57
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-48603
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.77%
||
7 Day CHG-0.00%
Published-08 Dec, 2025 | 16:57
Updated-17 Dec, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In InputMethodInfo of InputMethodInfo.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-48542
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.99%
||
7 Day CHG~0.00%
Published-04 Sep, 2025 | 18:34
Updated-05 Sep, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-22553
Matching Score-6
Assigner-Google LLC
ShareView Details
Matching Score-6
Assigner-Google LLC
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.42%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 12:05
Updated-16 Sep, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap Memory exhaustion in Gerrit

Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above.

Action-Not Available
Vendor-Google LLC
Product-gerritGerrit
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2025-26449
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.99%
||
7 Day CHG~0.00%
Published-04 Sep, 2025 | 17:14
Updated-08 Sep, 2025 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-26463
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.25%
||
7 Day CHG~0.00%
Published-04 Sep, 2025 | 17:15
Updated-05 Sep, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-32902
Matching Score-6
Assigner-Google Devices
ShareView Details
Matching Score-6
Assigner-Google Devices
CVSS Score-7.5||HIGH
EPSS-0.11% / 28.74%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-26 Feb, 2026 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Remote prevention of access to cellular service with no user interaction (for example, crashing the cellular radio service with a malformed packet)

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-8264
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.44%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAll Qualcomm products
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-8247
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.59%
||
7 Day CHG~0.00%
Published-21 Sep, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Qualcomm products with Android releases from CAF using the Linux kernel, if there is more than one thread doing the device open operation, the device may be opened more than once. This would lead to get_pid being called more than once, however put_pid being called only once in function "msm_close".

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-23712
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.01%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 21:01
Updated-17 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2011-3954
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-0.53% / 67.52%
||
7 Day CHG~0.00%
Published-09 Feb, 2012 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-0026
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 14.96%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 21:01
Updated-17 Dec, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-7258
Matching Score-6
Assigner-Google LLC
ShareView Details
Matching Score-6
Assigner-Google LLC
CVSS Score-4.8||MEDIUM
EPSS-0.12% / 31.07%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 16:29
Updated-22 Jul, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service in Gvisor

A denial of service exists in Gvisor Sandbox where a bug in reference counting code in mount point tracking could lead to a panic, making it possible for an attacker running as root and with permission to mount volumes to kill the sandbox. We recommend upgrading past commit 6a112c60a257dadac59962e0bc9e9b5aee70b5b6

Action-Not Available
Vendor-Google LLC
Product-gvisorGvisor
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-29202
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 19.99%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 22:55
Updated-22 Apr, 2025 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of service in TensorFlow due to lack of validation in `tf.ragged.constant`

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2022-25326
Matching Score-6
Assigner-Google LLC
ShareView Details
Matching Score-6
Assigner-Google LLC
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.37%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 11:00
Updated-21 Apr, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in fscrypt

fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.

Action-Not Available
Vendor-Google LLC
Product-fscryptfscrypt
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-23591
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.29%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:32
Updated-23 Apr, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2025-48631
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.47%
||
7 Day CHG-0.00%
Published-08 Dec, 2025 | 16:57
Updated-06 Mar, 2026 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-20455
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.53%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 00:00
Updated-21 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242537431

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-20482
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.42%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-240422263

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-20425
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 3.30%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent degradation of performance due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-235823407

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-13233
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 35.96%
||
7 Day CHG~0.00%
Published-12 Feb, 2018 | 19:00
Updated-16 Sep, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62851602.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-0441
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.98%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 12:49
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Message and toBundle of Notification.java, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service requiring a device reset to fix with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-158304295

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-0088
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 52.64%
||
7 Day CHG~0.00%
Published-15 Mar, 2020 | 21:16
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124389881

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found