CVE-2023-29731
📋 TL;DR
SoLive Android app versions 1.6.14 through 1.6.20 have an exposed component that allows attackers to inject excessive data into SharedPreference files. When the app loads this manipulated data at startup, it triggers an out-of-memory error and crashes persistently, creating a denial-of-service condition. This affects all Android users running vulnerable versions of the SoLive app.
💻 Affected Systems
- SoLive
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Permanent denial of service where the application becomes completely unusable and cannot be launched, requiring reinstallation or device reset to recover functionality.
Likely Case
Application crashes persistently at startup, preventing users from accessing the app until the malicious data is cleared or the app is reinstalled.
If Mitigated
Application functions normally with proper input validation and memory management preventing data injection attacks.
🎯 Exploit Status
Exploit requires local access to device or ability to install malicious app. The vulnerability is well-documented in public repositories with technical details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.6.21 or later
Vendor Advisory: https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29731/CVE%20detail.md
Restart Required: Yes
Instructions:
1. Update SoLive app to version 1.6.21 or later from Google Play Store. 2. Restart the application after update. 3. Verify the update by checking app version in settings.
🔧 Temporary Workarounds
Clear app data and cache
androidRemoves potentially malicious SharedPreference files that cause the OOM crash
Settings > Apps > SoLive > Storage > Clear Data and Clear Cache
Uninstall and reinstall app
androidFresh installation removes all app data including malicious SharedPreference files
Settings > Apps > SoLive > Uninstall, then reinstall from Google Play Store
🧯 If You Can't Patch
- Restrict app permissions and isolate the application using Android work profiles or containerization
- Monitor for abnormal app crashes and investigate devices showing persistent SoLive startup failures
🔍 How to Verify
Check if Vulnerable:
Check SoLive app version in Android Settings > Apps > SoLive. If version is between 1.6.14 and 1.6.20 inclusive, the device is vulnerable.Check Version:
adb shell dumpsys package com.solive.app | grep versionNameVerify Fix Applied:
Verify SoLive app version is 1.6.21 or later and the application launches successfully without crashes.📡 Detection & Monitoring
Log Indicators:
- Repeated OutOfMemoryError exceptions in SoLive app logs
- Application crash reports showing OOM errors at startup
- ANR (Application Not Responding) reports for SoLive
Network Indicators:
- No specific network indicators as this is a local exploitation vulnerability
SIEM Query:
source="android_logs" app="SoLive" ("OutOfMemoryError" OR "java.lang.OutOfMemoryError" OR "OOM")