CVE-2016-2461

2016-05-09T10:59:00
ID CVE-2016-2461
Type cve
Reporter cve@mitre.org
Modified 2016-05-10T18:23:00

Description

OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681.