High severityNVD Advisory· Published Feb 10, 2021· Updated Aug 3, 2024
CVE-2021-0341
CVE-2021-0341
Description
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.squareup.okhttp3:okhttpMaven | < 4.9.2 | 4.9.2 |
Affected products
4- Android/Androiddescription
- osv-coords3 versionspkg:apk/chainguard/knative-kafka-broker-1.17-dispatcher-loompkg:apk/chainguard/knative-kafka-broker-1.17-receiver-loompkg:maven/com.squareup.okhttp3/okhttp
< 1.17.3-r2+ 2 more
- (no CPE)range: < 1.17.3-r2
- (no CPE)range: < 1.17.3-r2
- (no CPE)range: < 4.9.2
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-3cqm-mf7h-prrjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-0341ghsaADVISORY
- github.com/square/okhttp/commit/f574ea2f5259d9040f264ddeb582fb1ce563f10cghsaWEB
- github.com/square/okhttp/issues/6724ghsaWEB
- github.com/square/okhttp/pull/6741ghsaWEB
- source.android.com/security/bulletin/2021-02-01ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.