CVE-2021-0341

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android versions 8.1 through 11

Description The issue is related to improperly used crypto in the verifyHostName function of OkHostnameVerifier.java, which could lead to accepting a certificate for the wrong domain. This might result in remote information disclosure without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations For Android versions 8.1 through 11, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-295

Related Identifiers

ASB-A-171980069

BDU:2024-00468

CLEANSTART-2026-KU61465

CLEANSTART-2026-LE11246

CLEANSTART-2026-RN56220

CVE-2021-0341

GHSA-3CQM-MF7H-PRRJ

RHSA-2023:2705

RHSA-2023:2706

RHSA-2023:2707

Affected Products

Android

CVE-2021-0341

Weakness Enumeration

Related Identifiers

Affected Products

References · 192