CVE-2015-3839

MEDIUM

Android < 5.1.1 - Denial of Service via updateMessageStatus NULL Pointer Dereference

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-3839. PoCs published by Cecilia-newbie.

AI-analyzed exploit summary This PoC demonstrates a DoS vulnerability (CVE-2015-3839) in Android's SMS/MMS handling by sending malformed PDU data via broadcast intent, causing the SMS app to crash. The exploit targets Android versions 4.4.4 and 5.0.1, as confirmed in the README.

Description

The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash).

Exploits (1)

nomisec WORKING POC
by Cecilia-newbie · poc
https://github.com/Cecilia-newbie/cve-2015-3839_PoC

This PoC demonstrates a DoS vulnerability (CVE-2015-3839) in Android's SMS/MMS handling by sending malformed PDU data via broadcast intent, causing the SMS app to crash. The exploit targets Android versions 4.4.4 and 5.0.1, as confirmed in the README.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Android (4.4.4, 5.0.1)
No auth needed
Prerequisites: Android device with vulnerable SMS/MMS app · Ability to install and run the PoC app
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100158
Broken Link x_refsource_confirm
https://huntcve.github.io/2017/02/13/cveupdate/

Scores

CVSS v3 5.5
EPSS 0.0039
EPSS Percentile 31.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (1)
google/android < 5.1.1
Published Aug 07, 2017
Tracked Since Feb 18, 2026