OpenSSLCipher.java in Conscrypt in Android 6.x prior to 2016-05-01 mishandles resets of the Additional Authenticated Data (AAD) array, which allows malicious users to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android 6.0.1 |
||
google android 6.0 |