Arbitrary Code Execution Vulnerability in Android OpenSSLX509Certificate Class

Arbitrary Code Execution Vulnerability in Android OpenSSLX509Certificate Class

CVE-2015-3837 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka internal bug 21437603.

Learn more about our Cis Benchmark Audit For Google Android.