ASB-A-171980069 — Vulnetix

ASB-A-171980069 PUBLISHED CVSS 6.900000095367432 MEDIUM

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Risk Scores

CVSS v4.0

6.900000095367432

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
platform	libcore	11, 8.0:0, 8.0
platform	external/okhttp	8.0, 8.1:0, 8.1

Timeline

Feb 1, 2021 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2021-02-01 advisory
https://android.googlesource.com/platform/external/okhttp/+/ddc934efe3ed06ce34f3724d41cfbdcd7e7358fc patch
https://android.googlesource.com/platform/libcore/+/4076be9a99bad5ff7651540df976c57462c3b8ce patch

Open in Interactive Console →