{"id":"ASB-A-284262845","details":"In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-284262845","CVE-2023-40104"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2023-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/ca-certificates/+/91204b9fdbd77b3f27f94b73868607b2dccbfdad"}],"affected":[{"package":{"name":"platform/external/conscrypt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-11-01"}]}],"versions":["14-next"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/external/conscrypt/+/0bbed55a8a537217828a4a7031d9dc638d9ae9c2"],"spl":"2023-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-284262845.json"}},{"package":{"name":"platform/system/ca-certificates","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-11-01"}]}],"versions":["14-next"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/system/ca-certificates/+/cfe61c3ca788218b24753229ccacc3d59fab7eea"],"spl":"2023-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-284262845.json"}},{"package":{"name":"platform/system/ca-certificates","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-11-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["ID"],"fixes":["https://android.googlesource.com/platform/system/ca-certificates/+/cf6ceba661a1101099c286974e3eb933b2fefeed"],"severity":"High","spl":"2023-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-284262845.json"}},{"package":{"name":"platform/system/ca-certificates","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-11-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/system/ca-certificates/+/cf6ceba661a1101099c286974e3eb933b2fefeed"],"spl":"2023-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-284262845.json"}},{"package":{"name":"platform/system/ca-certificates","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-11-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/system/ca-certificates/+/cf6ceba661a1101099c286974e3eb933b2fefeed"],"spl":"2023-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-284262845.json"}},{"package":{"name":"platform/system/ca-certificates","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-11-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/system/ca-certificates/+/cf6ceba661a1101099c286974e3eb933b2fefeed"],"spl":"2023-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-284262845.json"}}],"schema_version":"1.7.5"}