2 matches found
CVE-2016-2462
OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data AAD array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173...
CVE-2016-2462
Summary (CVE-2016-2462) : In Android 6.x, the Conscrypt/OpenSSL binding (OpenSSLCipher.java) mishandled updates to the AAD array, enabling possible spoofing of message authentication via unspecified vectors (internal bug 27371173). This is a local/authenticated context issue due to the cipher sta...