{"id":"ASB-A-259942609", "published":"2023-04-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2023-21090", "A-259942609"], "details":"In parseUsesPermission of ParsingPackageUtils.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-04-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/b7d62363d2bd1e2f25a07e72753da0189985ba67"], "severity":"High", "spl":"2023-04-01", "types":["DoS"], "vanir_signatures":[{"deprecated":true, "digest":{"line_hashes":["233468297413593397394297712448269979643", "70811960205434562314080175780461273895", "22439025937987995327133908070800259810", "104471443701088480886602663194600715996", "298499600960742821919062986980661044130", "95891512518350473598574258831346876298", "74461255058017342824900763743093953044"], "threshold":0.9}, "id":"ASB-A-259942609-bdc3ae43", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/b7d62363d2bd1e2f25a07e72753da0189985ba67", "target":{"file":"services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java"}}, {"deprecated":true, "digest":{"function_hash":"294343802404084889054637398552666988383", "length":3196}, "id":"ASB-A-259942609-c9fe3c00", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/b7d62363d2bd1e2f25a07e72753da0189985ba67", "target":{"file":"services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java", "function":"parseUsesPermission"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-04-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/de8ef32d020ce4efe5dcaae09c9b8e0cf7efb2db"], "severity":"High", "spl":"2023-04-01", "types":["DoS"], "vanir_signatures":[{"deprecated":true, "digest":{"line_hashes":["233468297413593397394297712448269979643", "70811960205434562314080175780461273895", "22439025937987995327133908070800259810", "104471443701088480886602663194600715996", "174378944264573247603940444631810033873", "17188419640653343995655913053254468102", "177124981143631127301714150448223349963"], "threshold":0.9}, "id":"ASB-A-259942609-65c591dd", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/de8ef32d020ce4efe5dcaae09c9b8e0cf7efb2db", "target":{"file":"services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java"}}, {"deprecated":true, "digest":{"function_hash":"160205189274907442256872566515021715710", "length":3177}, "id":"ASB-A-259942609-ac85a82d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/de8ef32d020ce4efe5dcaae09c9b8e0cf7efb2db", "target":{"file":"services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java", "function":"parseUsesPermission"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-04-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/955123a6dfe17fbf30f3cd1898dd8229032274c7"}]}