CVE-2015-6644
bouncycastle: Information disclosure in GCMBlockCipher
Severity Score
3.3
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
Bouncy Castle en Android en versiones anteriores a 5.1.1 LMY49F y 6.0 en versiones anteriores a 2016-01-01 permite a atacantes obtener información sensible a través de una aplicación manipulada, también conocida como error interno 24106146.
It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user's private information.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-08-21 CVE Reserved
- 2016-01-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (13)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/79865 | Vdb Entry | |
http://www.securitytracker.com/id/1034592 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://source.android.com/security/bulletin/2016-01-01.html | 2018-10-17 | |
http://www.debian.org/security/2017/dsa-3829 | 2018-10-17 | |
https://access.redhat.com/errata/RHSA-2017:1832 | 2018-10-17 | |
https://access.redhat.com/errata/RHSA-2017:2808 | 2018-10-17 | |
https://access.redhat.com/errata/RHSA-2017:2809 | 2018-10-17 | |
https://access.redhat.com/errata/RHSA-2017:2810 | 2018-10-17 | |
https://access.redhat.com/errata/RHSA-2017:2811 | 2018-10-17 | |
https://access.redhat.com/errata/RHSA-2018:2927 | 2018-10-17 | |
https://usn.ubuntu.com/3727-1 | 2018-10-17 | |
https://access.redhat.com/security/cve/CVE-2015-6644 | 2018-10-16 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1444015 | 2018-10-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 4.4.4 Search vendor "Google" for product "Android" and version "4.4.4" | - |
Affected
| ||||||
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 5.0 Search vendor "Google" for product "Android" and version "5.0" | - |
Affected
| ||||||
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 5.0.1 Search vendor "Google" for product "Android" and version "5.0.1" | - |
Affected
| ||||||
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 5.0.2 Search vendor "Google" for product "Android" and version "5.0.2" | - |
Affected
| ||||||
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 5.1.0 Search vendor "Google" for product "Android" and version "5.1.0" | - |
Affected
| ||||||
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 5.1.1 Search vendor "Google" for product "Android" and version "5.1.1" | - |
Affected
| ||||||
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 6.0 Search vendor "Google" for product "Android" and version "6.0" | - |
Affected
| ||||||
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 6.0.1 Search vendor "Google" for product "Android" and version "6.0.1" | - |
Affected
|