Security Advisory

CVE-2015-3837

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2015-10-01 00:00:00

Last updated 2024-08-06 05:56:16

Assigner google_android

State PUBLISHED

Description

The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka internal bug 21437603.

← Browse all CVEs View on cve.org ↗