Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation, aka internal bug 22802399.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| https://android.googlesource.com/platform/system/securit... | |||
| [android-security-updates] 20150909 Nexus Security Bulle... |