EUVD-2014-3121

Malware in sbrugna...

EUVD-2015-3899

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2015-3863

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and...

KeyDroid: a Large-Scale Analysis of Secure Key Storage in Android Apps

Most contemporary mobile devices offer hardware-backed storage for cryptographic keys, user data, and other sensitive credentials. Such hardware protects credentials from extraction by an adversary who has compromised the main operating system, such as a malicious third-party app. Since 2011,...

CVE-2024-40659

In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead to local denial of service with no additional...

PT-2021-6224 · Samsung · Android Keystore

Name of the Vulnerable Software and Affected Versions: Android Keystore versions prior to SMR AUG-2021 Release 1 Description: The issue is related to an IV reuse vulnerability in the keymaster, which allows decryption of custom keyblobs with privileged processes. This vulnerability is associated...

Google Android System Component Elevation of Privilege Vulnerability (CNVD-2018-03846)

Android is the United States Google Google and the Open Handheld Alliance referred to as OHA jointly developed a set of Linux-based open source operating system. keyStore service is one of the Java data certificate management service. An elevation of privilege vulnerability exists in the KeyStore...

How to Create Custom Android KeyStore for MDX App Wrapping

This article will guide the Citrix Endpoint Management admin in creating a custom keystore which will be used to sign the unsigned android apps using MDX toolkit and/or using MDX as a service...

Integer overflow

Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation, aka internal bug 22802399...

UBUNTU-CVE-2015-3863

Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation, aka internal bug 22802399...

Android KeyStore Stack Buffer Overflow (CVE-2014-3100)

Hi, We have discovered a stack-based buffer overflow in the Android KeyStore service which affects Android 4.3 and below. The issue was patched in Android 4.4. The vulnerability is identified as CVE-2014-3100. More details are available at: 1. Blog post: http://ibm.co/1pbk4yH 2. Advisory:...

Google Android 4.3 KeyStore Service Local Stack-based Buffer Overflow

Binary data googleandroid20143100.nbin...

CVE-2014-3100

Stack-based buffer overflow in the encodekey function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name...