CVE-2015-6644
Description
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows information disclosure via a crafted application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows information disclosure via a crafted application.
Vulnerability
The vulnerability resides in the Bouncy Castle cryptographic library bundled with Android. A crafted application can exploit this flaw to obtain sensitive information from the device. Affected versions include Android prior to 5.1.1 LMY49F and Android 6.0 before the January 1, 2016 security patch level [4]. Red Hat advisories also reference this CVE in the context of JBoss Enterprise Application Platform and Satellite [2].
Exploitation
An attacker must install a malicious application on the target device. No additional privileges or user interaction beyond installation are required. The application can then leverage the Bouncy Castle vulnerability to access private data [2].
Impact
Successful exploitation results in information disclosure, allowing the attacker to access sensitive user information such as private data stored or processed by the device [2]. The severity is rated Low (CVSS 3.3).
Mitigation
Google released fixes in Android 5.1.1 build LMY49F and Android 6.0 with the January 1, 2016 security patch level [4]. Users should apply these updates via OTA or by flashing the factory images. Red Hat has also included patches in their JBoss EAP and Satellite updates [2]. No workaround is available; updating to the fixed versions is the only mitigation.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
9cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- source.android.com/security/bulletin/2016-01-01.htmlnvdVendor Advisory
- www.debian.org/security/2017/dsa-3829nvd
- www.securityfocus.com/bid/79865nvd
- www.securitytracker.com/id/1034592nvd
- access.redhat.com/errata/RHSA-2017:1832nvd
- access.redhat.com/errata/RHSA-2017:2808nvd
- access.redhat.com/errata/RHSA-2017:2809nvd
- access.redhat.com/errata/RHSA-2017:2810nvd
- access.redhat.com/errata/RHSA-2017:2811nvd
- access.redhat.com/errata/RHSA-2018:2927nvd
- usn.ubuntu.com/3727-1/nvd
News mentions
0No linked articles in our index yet.