Integer overflows in Blob class in Keystore allow arbitrary code execution and key reading

Integer overflows in Blob class in Keystore allow arbitrary code execution and key reading

CVE-2015-3863 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation, aka internal bug 22802399.

Learn more about our Cis Benchmark Audit For Google Android.