OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: google_android
Published: 2016-05-09T10:00:00
Updated: 2024-08-05T23:32:20.094Z
Reserved: 2016-02-18T00:00:00
Link: CVE-2016-2461
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2016-05-09T10:59:39.500
Modified: 2016-05-10T18:23:36.687
Link: CVE-2016-2461
Redhat
No data.