3 matches found
CVE-2015-3825
The CVE-2015-3825 entry concerns OpenSSLX509Certificate in Android (org/conscrypt/OpenSSLX509Certificate.java) prior to 5.1.1. The vulnerability arises because the mContext pointer (a serialized field) is deserialized and later finalized by the GC, triggering OpenSSL/ASN1 cleanup paths. During fi...
CVE-2015-3837
The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka...
CVE-2015-3837
CVE-2015-3837 affects Android’s OpenSSLX509Certificate class (org/conscrypt/OpenSSLX509Certificate.java) in builds prior to 5.1.1 LMY48I. The root cause is improper inclusion of certain context data during serialization and deserialization, enabling a malicious local application to trigger code e...