Описание
In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Ссылки
- Mailing ListPatch
- PatchVendor Advisory
- Mailing ListPatch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00224
Низкий
7.5 High
CVSS3
Дефекты
CWE-295
CWE-295
Связанные уязвимости
CVSS3: 7.5
github
почти 2 года назад
In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS
Процентиль: 45%
0.00224
Низкий
7.5 High
CVSS3
Дефекты
CWE-295
CWE-295