ASB-A-357870429 — Vulnetix

ASB-A-357870429 PUBLISHED CVSS 6.900000095367432 MEDIUM

In static of NativeCrypto.java, there is a possible way to obtain clear-text data due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Risk Scores

CVSS v4.0

6.900000095367432

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
platform	libcore	15-next:0, 15-next, 15:0
platform	external/conscrypt	15-next:0, 15-next, 15:0

Timeline

Feb 1, 2025 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2025-02-01 advisory
https://android.googlesource.com/platform/external/conscrypt/+/79117043c54eb2fc91ece695c90938d60904d59f patch
https://android.googlesource.com/platform/libcore/+/c9d01a45928e0cdd2e6102c1c0ecf23a9de3601f patch

Open in Interactive Console →