PT-2015-2205 · Google · Android
Published: 2015-10-01 · Updated: 2015-10-01 · CVE-2015-3863
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Android versions prior to 5.1.1 LMY48M
Description
Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation.
Recommendations
Update to Android 5.1.1 LMY48M or later to resolve the issue. As a temporary workaround, consider restricting the use of the Keystore component to minimize the risk of exploitation.
Fix
Affected Products
Android