CVE-2017-13309 | THREATINT

Description

In readEncryptedData of ConscryptEngine.java, there is a possible plaintext leak due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

PUBLISHED Reserved 2017-08-23 | Published 2024-11-15 | Updated 2024-11-15 | Assigner google_android

Product status

Default status

unaffected

8.1

affected

References

source.android.com/security/bulletin/2018-05-01

cve.org (CVE-2017-13309)

nvd.nist.gov (CVE-2017-13309)

Download JSON