5.3

CVE-2017-1000417

MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MatrixsslMatrixssl Version3.7.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.65% 0.465
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://www.ieee-security.org/TC/SP2017/papers/231.pdf
Third Party Advisory
Technical Description
https://www.youtube.com/watch?v=FW--c_F_cY8
Third Party Advisory
https://github.com/matrixssl/matrixssl/blob/master/doc/CHANGES.md
Release Notes