ASB-A-266580022

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-266580022.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-266580022
Aliases
  • A-266580022
  • CVE-2023-21253
Published
2023-10-01T00:00:00Z
Modified
2024-08-07T19:29:31.833723Z
Summary
Local persistent denial of service when setting PackageManager.GET_SIGNATURES
Details

In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2023-10-01

Affected versions

Other

14-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "129744209502793915813260619052832012600",
                    "264113637825344716206162844253084270500",
                    "30215904757720273077659302057981667921",
                    "299631063491229373266064701101652182332",
                    "237790250428028202705881335151452949033",
                    "39096619547947512736311842163264836793",
                    "265640756765803956838572199192976623552",
                    "267676677489576409428264675310911676797",
                    "200840196954250196286453188352233489228",
                    "119046298690815096111332514719412588051"
                ]
            },
            "id": "ASB-A-266580022-3fa86d25",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/jar/StrictJarVerifier.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1375.0,
                "function_hash": "76378410095532720956002145985191073570"
            },
            "id": "ASB-A-266580022-87735f25",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java",
                "function": "verify"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 345.0,
                "function_hash": "249915354582923191798266077908697072256"
            },
            "id": "ASB-A-266580022-bc7e7de7",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/jar/StrictJarVerifier.java",
                "function": "readCertificates"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "127591183906428000100661990238153668826",
                    "240609319350722928473919306482041019539",
                    "291486844225277494726308172124066601464",
                    "119807339177862674962200230646681423358",
                    "9564776611380162473768305298920529708",
                    "187258210791204064424156638109163959388",
                    "311698033013677502681369731221858027212"
                ]
            },
            "id": "ASB-A-266580022-ec543c6e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/tools/apksig

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2023-10-01

Affected versions

Other

14-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 433.0,
                "function_hash": "22470244999601055631616563743597494561"
            },
            "id": "ASB-A-266580022-19e3732e",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java",
                "function": "sign"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 3495.0,
                "function_hash": "262962228558343875874916341515667901288"
            },
            "id": "ASB-A-266580022-727f4a7c",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java",
                "function": "verify"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 726.0,
                "function_hash": "213318869695566115113803252493268411376"
            },
            "id": "ASB-A-266580022-745d497a",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v2/V2SchemeSigner.java",
                "function": "generateApkSignatureSchemeV2Block"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "90172167375156212023865176702410805323",
                    "255828293149117205601751866485063807101",
                    "283147441159775087592892492815682190961",
                    "281741627391602248632793172452235808643",
                    "161160446596792945093007825717673037311",
                    "224284982970141525191405149060650164069",
                    "281423487149610749286690012279529074670",
                    "329054542011880781089773095494031838405"
                ]
            },
            "id": "ASB-A-266580022-7486e237",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v2/V2SchemeSigner.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "138091845747979162666087952714147299396",
                    "251139346529762752694104483570799064211",
                    "199102190805175363047783006961641316782",
                    "160564518559890903662277250347960425158",
                    "14955106898394308134487221076974122598"
                ]
            },
            "id": "ASB-A-266580022-76aa3335",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "12618301161831551205318197541620737508",
                    "98755959483069616998261581973137485491",
                    "90902607722267191119850184141701387206",
                    "320695860838695213398059869796611028816",
                    "156083528888115917432528088227340568869"
                ]
            },
            "id": "ASB-A-266580022-8d5a35df",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 991.0,
                "function_hash": "222328988143613824287965131789779771686"
            },
            "id": "ASB-A-266580022-971d874d",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v2/V2SchemeVerifier.java",
                "function": "parseSigners"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "195323898097579571440473038818311772522",
                    "85927087583516576559657909816730739506",
                    "126594930388151554529098213431576280383",
                    "257815311357202562710622069557207829188",
                    "33966035226034354764799743487013125884",
                    "213804718474314383533809336886931483632"
                ]
            },
            "id": "ASB-A-266580022-ba137f99",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/ApkVerifier.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "318259293619017571817674845858708848436",
                    "127079537267571699098745376265682096815",
                    "139115357152174844383564699394576699834"
                ]
            },
            "id": "ASB-A-266580022-bbf99eb0",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/Constants.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "166308627250241798830278720308157210028",
                    "204021523883075718267869134804624054837",
                    "293949540968280903538352693917672011553",
                    "125492843029688495070507629923640435993",
                    "310355743575466778701922714034586285378"
                ]
            },
            "id": "ASB-A-266580022-fe435c1a",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v2/V2SchemeVerifier.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-10-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "129744209502793915813260619052832012600",
                    "264113637825344716206162844253084270500",
                    "30215904757720273077659302057981667921",
                    "299631063491229373266064701101652182332",
                    "237790250428028202705881335151452949033",
                    "39096619547947512736311842163264836793",
                    "265640756765803956838572199192976623552",
                    "267676677489576409428264675310911676797",
                    "200840196954250196286453188352233489228",
                    "119046298690815096111332514719412588051"
                ]
            },
            "id": "ASB-A-266580022-3dd2f690",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/jar/StrictJarVerifier.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "127591183906428000100661990238153668826",
                    "240609319350722928473919306482041019539",
                    "291486844225277494726308172124066601464",
                    "119807339177862674962200230646681423358",
                    "9564776611380162473768305298920529708",
                    "187258210791204064424156638109163959388",
                    "311698033013677502681369731221858027212"
                ]
            },
            "id": "ASB-A-266580022-53086803",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1375.0,
                "function_hash": "76378410095532720956002145985191073570"
            },
            "id": "ASB-A-266580022-86bb4ea9",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java",
                "function": "verify"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 345.0,
                "function_hash": "249915354582923191798266077908697072256"
            },
            "id": "ASB-A-266580022-cf594625",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/jar/StrictJarVerifier.java",
                "function": "readCertificates"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-10-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1375.0,
                "function_hash": "76378410095532720956002145985191073570"
            },
            "id": "ASB-A-266580022-37c19678",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java",
                "function": "verify"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "129744209502793915813260619052832012600",
                    "264113637825344716206162844253084270500",
                    "30215904757720273077659302057981667921",
                    "299631063491229373266064701101652182332",
                    "237790250428028202705881335151452949033",
                    "39096619547947512736311842163264836793",
                    "265640756765803956838572199192976623552",
                    "267676677489576409428264675310911676797",
                    "200840196954250196286453188352233489228",
                    "119046298690815096111332514719412588051"
                ]
            },
            "id": "ASB-A-266580022-48128230",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/jar/StrictJarVerifier.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "127591183906428000100661990238153668826",
                    "240609319350722928473919306482041019539",
                    "291486844225277494726308172124066601464",
                    "119807339177862674962200230646681423358",
                    "9564776611380162473768305298920529708",
                    "187258210791204064424156638109163959388",
                    "311698033013677502681369731221858027212"
                ]
            },
            "id": "ASB-A-266580022-6ae6ce33",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 345.0,
                "function_hash": "249915354582923191798266077908697072256"
            },
            "id": "ASB-A-266580022-9c4b949a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/jar/StrictJarVerifier.java",
                "function": "readCertificates"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/tools/apksig

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-10-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 632.0,
                "function_hash": "114059583829668587052886837139387282040"
            },
            "id": "ASB-A-266580022-02dd6a22",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v2/V2SchemeSigner.java",
                "function": "generateApkSignatureSchemeV2Block"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "166660708084919229288884510559300593615",
                    "12672754703303928234164998712563517569",
                    "8610655643251529581441854087647599748",
                    "249434984663158798916763270884250273655",
                    "195323898097579571440473038818311772522",
                    "85927087583516576559657909816730739506",
                    "126594930388151554529098213431576280383",
                    "257815311357202562710622069557207829188",
                    "33966035226034354764799743487013125884",
                    "213804718474314383533809336886931483632"
                ]
            },
            "id": "ASB-A-266580022-10529082",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/ApkVerifier.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "138091845747979162666087952714147299396",
                    "251139346529762752694104483570799064211",
                    "199102190805175363047783006961641316782",
                    "160564518559890903662277250347960425158",
                    "14955106898394308134487221076974122598"
                ]
            },
            "id": "ASB-A-266580022-16e1b286",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "90172167375156212023865176702410805323",
                    "255828293149117205601751866485063807101",
                    "283147441159775087592892492815682190961",
                    "281741627391602248632793172452235808643",
                    "161160446596792945093007825717673037311",
                    "19318538246823043399536733526229174470",
                    "339695200048526063472714976939320224941",
                    "117245178116164655333834700469779125972"
                ]
            },
            "id": "ASB-A-266580022-20d2c31b",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v2/V2SchemeSigner.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "166308627250241798830278720308157210028",
                    "204021523883075718267869134804624054837",
                    "293949540968280903538352693917672011553",
                    "125492843029688495070507629923640435993",
                    "310355743575466778701922714034586285378"
                ]
            },
            "id": "ASB-A-266580022-53acf7e7",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v2/V2SchemeVerifier.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "37533447064962364212589698078441805597",
                    "98755959483069616998261581973137485491",
                    "90902607722267191119850184141701387206",
                    "320695860838695213398059869796611028816",
                    "156083528888115917432528088227340568869"
                ]
            },
            "id": "ASB-A-266580022-546789b7",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 3495.0,
                "function_hash": "262962228558343875874916341515667901288"
            },
            "id": "ASB-A-266580022-a5b4c8df",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java",
                "function": "verify"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 433.0,
                "function_hash": "22470244999601055631616563743597494561"
            },
            "id": "ASB-A-266580022-b5059182",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java",
                "function": "sign"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "83835231554199575221028493457154853768",
                    "187526407930162239029248123558231366877",
                    "139115357152174844383564699394576699834"
                ]
            },
            "id": "ASB-A-266580022-c305a834",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/Constants.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 991.0,
                "function_hash": "222328988143613824287965131789779771686"
            },
            "id": "ASB-A-266580022-d04d9656",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v2/V2SchemeVerifier.java",
                "function": "parseSigners"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1075.0,
                "function_hash": "59115683397571627065104435808932691233"
            },
            "id": "ASB-A-266580022-d5035045",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/ApkVerifier.java",
                "function": "mergeFrom"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-10-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "129744209502793915813260619052832012600",
                    "264113637825344716206162844253084270500",
                    "30215904757720273077659302057981667921",
                    "299631063491229373266064701101652182332",
                    "237790250428028202705881335151452949033",
                    "39096619547947512736311842163264836793",
                    "265640756765803956838572199192976623552",
                    "267676677489576409428264675310911676797",
                    "200840196954250196286453188352233489228",
                    "119046298690815096111332514719412588051"
                ]
            },
            "id": "ASB-A-266580022-10053c56",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/jar/StrictJarVerifier.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1375.0,
                "function_hash": "76378410095532720956002145985191073570"
            },
            "id": "ASB-A-266580022-52966c45",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java",
                "function": "verify"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 345.0,
                "function_hash": "249915354582923191798266077908697072256"
            },
            "id": "ASB-A-266580022-c330e3d4",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/jar/StrictJarVerifier.java",
                "function": "readCertificates"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "127591183906428000100661990238153668826",
                    "240609319350722928473919306482041019539",
                    "291486844225277494726308172124066601464",
                    "119807339177862674962200230646681423358",
                    "9564776611380162473768305298920529708",
                    "187258210791204064424156638109163959388",
                    "311698033013677502681369731221858027212"
                ]
            },
            "id": "ASB-A-266580022-f500885d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/tools/apksig

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-10-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 433.0,
                "function_hash": "22470244999601055631616563743597494561"
            },
            "id": "ASB-A-266580022-008878df",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java",
                "function": "sign"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1075.0,
                "function_hash": "59115683397571627065104435808932691233"
            },
            "id": "ASB-A-266580022-088b5a20",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/ApkVerifier.java",
                "function": "mergeFrom"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "83835231554199575221028493457154853768",
                    "187526407930162239029248123558231366877",
                    "139115357152174844383564699394576699834"
                ]
            },
            "id": "ASB-A-266580022-2641e101",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/Constants.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "166308627250241798830278720308157210028",
                    "204021523883075718267869134804624054837",
                    "293949540968280903538352693917672011553",
                    "125492843029688495070507629923640435993",
                    "310355743575466778701922714034586285378"
                ]
            },
            "id": "ASB-A-266580022-2d3e1594",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v2/V2SchemeVerifier.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 991.0,
                "function_hash": "222328988143613824287965131789779771686"
            },
            "id": "ASB-A-266580022-304a0521",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v2/V2SchemeVerifier.java",
                "function": "parseSigners"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "90172167375156212023865176702410805323",
                    "255828293149117205601751866485063807101",
                    "283147441159775087592892492815682190961",
                    "281741627391602248632793172452235808643",
                    "161160446596792945093007825717673037311",
                    "19318538246823043399536733526229174470",
                    "339695200048526063472714976939320224941",
                    "117245178116164655333834700469779125972"
                ]
            },
            "id": "ASB-A-266580022-32f1610b",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v2/V2SchemeSigner.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "37533447064962364212589698078441805597",
                    "98755959483069616998261581973137485491",
                    "90902607722267191119850184141701387206",
                    "320695860838695213398059869796611028816",
                    "156083528888115917432528088227340568869"
                ]
            },
            "id": "ASB-A-266580022-6886944b",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 3495.0,
                "function_hash": "262962228558343875874916341515667901288"
            },
            "id": "ASB-A-266580022-6f846461",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java",
                "function": "verify"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "138091845747979162666087952714147299396",
                    "251139346529762752694104483570799064211",
                    "199102190805175363047783006961641316782",
                    "160564518559890903662277250347960425158",
                    "14955106898394308134487221076974122598"
                ]
            },
            "id": "ASB-A-266580022-b09a182b",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 632.0,
                "function_hash": "114059583829668587052886837139387282040"
            },
            "id": "ASB-A-266580022-bd0d5b16",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v2/V2SchemeSigner.java",
                "function": "generateApkSignatureSchemeV2Block"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "166660708084919229288884510559300593615",
                    "12672754703303928234164998712563517569",
                    "8610655643251529581441854087647599748",
                    "249434984663158798916763270884250273655",
                    "195323898097579571440473038818311772522",
                    "85927087583516576559657909816730739506",
                    "126594930388151554529098213431576280383",
                    "257815311357202562710622069557207829188",
                    "33966035226034354764799743487013125884",
                    "213804718474314383533809336886931483632"
                ]
            },
            "id": "ASB-A-266580022-e66b4b8a",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/ApkVerifier.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/tools/apksig/+/dae412630054cc9ec19ec03e0e827585e619f6ac"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-10-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "127591183906428000100661990238153668826",
                    "240609319350722928473919306482041019539",
                    "291486844225277494726308172124066601464",
                    "119807339177862674962200230646681423358",
                    "9564776611380162473768305298920529708",
                    "187258210791204064424156638109163959388",
                    "311698033013677502681369731221858027212"
                ]
            },
            "id": "ASB-A-266580022-05736781",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "129744209502793915813260619052832012600",
                    "264113637825344716206162844253084270500",
                    "30215904757720273077659302057981667921",
                    "299631063491229373266064701101652182332",
                    "237790250428028202705881335151452949033",
                    "39096619547947512736311842163264836793",
                    "265640756765803956838572199192976623552",
                    "267676677489576409428264675310911676797",
                    "200840196954250196286453188352233489228",
                    "119046298690815096111332514719412588051"
                ]
            },
            "id": "ASB-A-266580022-91500019",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/jar/StrictJarVerifier.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 345.0,
                "function_hash": "249915354582923191798266077908697072256"
            },
            "id": "ASB-A-266580022-a83b7429",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/jar/StrictJarVerifier.java",
                "function": "readCertificates"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1375.0,
                "function_hash": "76378410095532720956002145985191073570"
            },
            "id": "ASB-A-266580022-e8a5746e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java",
                "function": "verify"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/6f6ee8a55f37c2b8c0df041b2bd53ec928764597"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/tools/apksig

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-10-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "90172167375156212023865176702410805323",
                    "255828293149117205601751866485063807101",
                    "283147441159775087592892492815682190961",
                    "281741627391602248632793172452235808643",
                    "161160446596792945093007825717673037311",
                    "224284982970141525191405149060650164069",
                    "281423487149610749286690012279529074670",
                    "329054542011880781089773095494031838405"
                ]
            },
            "id": "ASB-A-266580022-0531dc1b",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v2/V2SchemeSigner.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "318259293619017571817674845858708848436",
                    "127079537267571699098745376265682096815",
                    "139115357152174844383564699394576699834"
                ]
            },
            "id": "ASB-A-266580022-2b74cb68",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/Constants.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "166308627250241798830278720308157210028",
                    "204021523883075718267869134804624054837",
                    "293949540968280903538352693917672011553",
                    "125492843029688495070507629923640435993",
                    "310355743575466778701922714034586285378"
                ]
            },
            "id": "ASB-A-266580022-31a88da6",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v2/V2SchemeVerifier.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "195323898097579571440473038818311772522",
                    "85927087583516576559657909816730739506",
                    "126594930388151554529098213431576280383",
                    "257815311357202562710622069557207829188",
                    "33966035226034354764799743487013125884",
                    "213804718474314383533809336886931483632"
                ]
            },
            "id": "ASB-A-266580022-373c03e6",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/ApkVerifier.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 433.0,
                "function_hash": "22470244999601055631616563743597494561"
            },
            "id": "ASB-A-266580022-5cd034ba",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java",
                "function": "sign"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 991.0,
                "function_hash": "222328988143613824287965131789779771686"
            },
            "id": "ASB-A-266580022-5fa9c3f7",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v2/V2SchemeVerifier.java",
                "function": "parseSigners"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "138091845747979162666087952714147299396",
                    "251139346529762752694104483570799064211",
                    "199102190805175363047783006961641316782",
                    "160564518559890903662277250347960425158",
                    "14955106898394308134487221076974122598"
                ]
            },
            "id": "ASB-A-266580022-743fcaad",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 726.0,
                "function_hash": "213318869695566115113803252493268411376"
            },
            "id": "ASB-A-266580022-8effdc18",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v2/V2SchemeSigner.java",
                "function": "generateApkSignatureSchemeV2Block"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 3495.0,
                "function_hash": "262962228558343875874916341515667901288"
            },
            "id": "ASB-A-266580022-e00d66bc",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java",
                "function": "verify"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "12618301161831551205318197541620737508",
                    "98755959483069616998261581973137485491",
                    "90902607722267191119850184141701387206",
                    "320695860838695213398059869796611028816",
                    "156083528888115917432528088227340568869"
                ]
            },
            "id": "ASB-A-266580022-f6beabeb",
            "source": "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/tools/apksig/+/0b086bdc130e1e6216fcbc5436fe8e3cdc9ec011",
        "https://android.googlesource.com/platform/tools/apksig/+/6be64b9339c1dad28abf75b53d3866fd42f320d6"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}