Arbitrary Code Execution Vulnerability in Android OpenSSLX509Certificate Class
CVE-2015-3837 · HIGH Severity
AV:N/AC:M/AU:N/C:C/I:C/A:C
The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka internal bug 21437603.
Learn more about our Cis Benchmark Audit For Google Android.