VYPR

Conscrypt

by Google

CVEs (3)

  • CVE-2016-3840 (Critical), Aug 5, 2016
    risk 0.64, cvss 9.8, epss 0.02

    Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153.

  • CVE-2016-2462 (High), May 9, 2016
    risk 0.46, cvss 7.0, epss 0.00

    OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173.

  • CVE-2016-2461 (High), May 9, 2016
    risk 0.46, cvss 7.0, epss 0.00

    OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681.