CVE-2015-3837

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1.1 LMY48I

Description The issue is related to the OpenSSLX509Certificate class in the org/conscrypt/OpenSSLX509Certificate.java module, which improperly includes certain context data during serialization and deserialization. This allows attackers to execute arbitrary code via a crafted application. The vulnerability exists due to insufficient input validation, enabling a remote attacker to execute arbitrary code using a specially crafted application.

Recommendations For Android versions prior to 5.1.1 LMY48I, update to version 5.1.1 LMY48I or later to resolve the issue.