Login Sign Up

CVE-2021-0313

7.5 HIGH
Denial of Service

📋 TL;DR

This vulnerability in Android's TextView component allows remote attackers to cause denial of service (slowdown or crash) by sending specially crafted input. It affects Android devices running versions 8.0 through 11 without requiring user interaction or additional privileges.

💻 Affected Systems

Products:
  • Android
Versions: Android 8.0, 8.1, 9, 10, 11
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All Android devices running affected versions with TextView functionality are vulnerable by default.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote attacker crashes the TextView component, potentially causing app instability or device performance degradation across multiple applications.

🟠

Likely Case

Malicious content in web pages, messages, or apps triggers TextView crashes, disrupting user experience in affected applications.

🟢

If Mitigated

With proper patching, no impact as the input validation flaw is corrected.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending malicious input to TextView components, which can be done remotely without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Bulletin January 2021 patches

Vendor Advisory: https://source.android.com/security/bulletin/2021-01-01

Restart Required: Yes

Instructions:

1. Apply January 2021 Android security patches from device manufacturer. 2. Update affected Android devices to patched firmware. 3. Reboot device after update.

🔧 Temporary Workarounds

Disable TextView in untrusted apps

android

Restrict TextView usage in applications that process untrusted input

🧯 If You Can't Patch

  • Isolate affected devices from untrusted network sources
  • Monitor for TextView component crashes in application logs

🔍 How to Verify

Check if Vulnerable:

Check Android version in Settings > About phone > Android version. If version is 8.0-11 without January 2021 patches, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.release

Verify Fix Applied:

Verify Android security patch level includes January 2021 or later in Settings > About phone > Android security patch level.

📡 Detection & Monitoring

Log Indicators:

  • TextView crash logs
  • Application ANR (Application Not Responding) events
  • System UI crashes

Network Indicators:

  • Unusual network traffic to TextView components
  • Patterns of input causing repeated TextView failures

SIEM Query:

source="android_logs" AND ("TextView" AND ("crash" OR "ANR" OR "slow"))

📊 Metadata

CVE ID: CVE-2021-0313
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-20
Published: January 11, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-0313, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)
CVE-2020-12388 10.0

This vulnerability allows attackers to escape Firefox's content process sandbox on Windows systems, ...

Same vulnerability type (CWE-20)
CVE-2024-3400 10.0

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProte...

Same vulnerability type (CWE-20)