CVE-2016-2462

OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data AAD array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173...

Android Conscrypt elevation of privilege vulnerability (CNVD-2016-02859)

Android is a Linux-based open-source operating system developed by Google and the Open Handheld Alliance OHA, of which Concrypt is a component that uses OpenSSL to provide Java security. An elevation of privilege vulnerability exists in Conscrypt in versions prior to Android 6.x on 2016-05-01. A...