Deserialization of untrusted data

2015-10-0100:59:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

34.2%

JSON

The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka internal bug 21437603.