CVE-2015-3837

Android < 5.1 - Remote Code Execution via Crafted Intent

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-3837. PoCs published by itibs.

AI-analyzed exploit summary This PoC demonstrates a memory corruption vulnerability (CVE-2015-3837) in OpenSSL's X509_free function, allowing an attacker to manipulate function pointers in native code via JNI. The exploit leverages improper reference counting to achieve arbitrary code execution.

Description

The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka internal bug 21437603.

Exploits (1)

nomisec WORKING POC
by itibs · poc
https://github.com/itibs/IsildursBane

This PoC demonstrates a memory corruption vulnerability (CVE-2015-3837) in OpenSSL's X509_free function, allowing an attacker to manipulate function pointers in native code via JNI. The exploit leverages improper reference counting to achieve arbitrary code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: OpenSSL (Android applications using vulnerable OpenSSL versions)
No auth needed
Prerequisites: Vulnerable OpenSSL version on Android · Ability to execute arbitrary code in the target app context
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Scores

EPSS 0.0149
EPSS Percentile 71.1%

Details

CWE
CWE-20
Status published
Products (1)
google/android < 5.1
Published Oct 01, 2015
Tracked Since Feb 18, 2026