Matrixssl

Matrixssl

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2023-24609

Exploit
  • EPSS 0.18%
  • Veröffentlicht 22.12.2023 04:15:08
  • Zuletzt bearbeitet 21.11.2024 07:48:13

Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a l...

7.5

CVE-2022-46505

Exploit
  • EPSS 0.55%
  • Veröffentlicht 18.01.2023 16:15:11
  • Zuletzt bearbeitet 04.04.2025 17:15:47

An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data.

9.8

CVE-2022-43974

  • EPSS 11.22%
  • Veröffentlicht 09.01.2023 09:15:10
  • Zuletzt bearbeitet 06.03.2025 16:15:37

MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0.

7.5

CVE-2019-16747

Exploit
  • EPSS 0.41%
  • Veröffentlicht 30.12.2020 21:15:12
  • Zuletzt bearbeitet 21.11.2024 04:31:06

In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431.

5.9

CVE-2019-13629

  • EPSS 0.27%
  • Veröffentlicht 03.10.2019 14:15:11
  • Zuletzt bearbeitet 21.11.2024 04:25:24

MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issu...

9.8

CVE-2019-14431

Exploit
  • EPSS 1.23%
  • Veröffentlicht 29.07.2019 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:26:44

In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a...

9.8

CVE-2019-13470

  • EPSS 0.43%
  • Veröffentlicht 09.07.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:24:58

MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling.

9.8

CVE-2019-10914

  • EPSS 0.4%
  • Veröffentlicht 08.04.2019 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:08

pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c.

4.7

CVE-2018-12439

  • EPSS 0.06%
  • Veröffentlicht 15.06.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:45:13

MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual m...

5.3

CVE-2017-1000417

  • EPSS 0.15%
  • Veröffentlicht 22.01.2018 23:29:00
  • Zuletzt bearbeitet 21.11.2024 03:04:41

MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates.