Session Reuse Vulnerability in Conscrypt on Android 4.x to 6.x

Session Reuse Vulnerability in Conscrypt on Android 4.x to 6.x

CVE-2016-3840 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153.

Learn more about our Cis Benchmark Audit For Google Android.