CVE-2015-6644

Published: 6 January 2016

Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.

Priority

Cvss 3 Severity Score

3.3

Score breakdown

Status

Package	Release	Status
bouncycastle Launchpad, Ubuntu, Debian	artful	Not vulnerable (1.56-1)
	bionic	Not vulnerable (1.56-1)
	cosmic	Not vulnerable (1.56-1)
	disco	Not vulnerable (1.56-1)
	eoan	Not vulnerable (1.56-1)
	focal	Not vulnerable (1.56-1)
	groovy	Not vulnerable (1.56-1)
	hirsute	Not vulnerable (1.56-1)
	impish	Not vulnerable (1.56-1)
	jammy	Not vulnerable (1.56-1)
	precise	Does not exist (precise was needed)
	trusty	Does not exist (trusty was released [1.49+dfsg-2ubuntu0.1])
	upstream	Released (1.56-1)
	xenial	Needed
	yakkety	Ignored (reached end-of-life)
	zesty	Not vulnerable (1.56-1)
	Patches: vendor: https://gist.github.com/apoleon/56c92d38b767d3489e90c5df9304fc8f

Severity score breakdown

Parameter	Value
Base score	3.3
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	Low
Integrity impact	None
Availability impact	None
Vector	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›