CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-40104

In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.2%

CVSS Severity

CVSS v3 Score 7.5

References

https://android.googlesource.com/platform/system/ca-certificates/+/91204b9fdbd77b3f27f94b73868607b2dccbfdad
https://source.android.com/security/bulletin/2023-11-01
https://android.googlesource.com/platform/system/ca-certificates/+/91204b9fdbd77b3f27f94b73868607b2dccbfdad
https://source.android.com/security/bulletin/2023-11-01

Products affected by CVE-2023-40104

Google » Android » Version: 11.0

cpe:2.3:o:google:android:11.0
Google » Android » Version: 12.0

cpe:2.3:o:google:android:12.0
Google » Android » Version: 12.1

cpe:2.3:o:google:android:12.1
Google » Android » Version: 13.0

cpe:2.3:o:google:android:13.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-40104

Products

Pricing

Contact Us