Lucene search
HistoryOct 01, 2015 - 12:59 a.m.
CVE-2015-3837
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.3
Confidence
Low
EPSS
0.001
Percentile
34.0%
The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka internal bug 21437603.
Affected configurations
Node
googleandroidRangeโค5.1
Related
prion
prion
Deserialization of untrusted data
2015-10-01 00:59:00
cvelist
cvelist
CVE-2015-3837
2015-10-01 00:00:00
cve
cve
CVE-2015-3837
2015-10-01 00:59:21
CVE-2015-3825
2016-02-18 23:59:00
android
android
One class to rule them all
2015-06-01 00:00:00
nvd
nvd
CVE-2015-3825
2016-02-18 23:59:00
androidsecurity
androidsecurity
Nexus Security BulletinโAugust 2015
2015-08-13 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.3
Confidence
Low
EPSS
0.001
Percentile
34.0%
Related for NVD:CVE-2015-3837