CVE-2015-3863

EUVD-2015-3899
Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation, aka internal bug 22802399.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
googleandroid
𝑥
≤ 5.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
android
artful
dne
bionic
dne
precise
dne
trusty
dne
vivid
ignored
wily
ignored
xenial
ignored
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
https://android.googlesource.com/platform/system/security/+/bb9f4392c2f1b11be3acdc1737828274ff1ec55b
https://groups.google.com/forum/message/raw?msg=android-security-updates/1M7qbSvACjo/Y7jewiW1AwAJ
https://android.googlesource.com/platform/system/security/+/bb9f4392c2f1b11be3acdc1737828274ff1ec55b
https://groups.google.com/forum/message/raw?msg=android-security-updates/1M7qbSvACjo/Y7jewiW1AwAJ