Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
matrixssl matrixssl vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2016-6891
MatrixSSL prior to 3.8.6 allows remote malicious users to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate.
Matrixssl Matrixssl
445
VMScore
CVE-2016-6892
The x509FreeExtensions function in MatrixSSL prior to 3.8.6 allows remote malicious users to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate.
Matrixssl Matrixssl
383
VMScore
CVE-2016-8671
The pstm_exptmod function in MatrixSSL 3.8.6 and previous versions does not properly perform modular exponentiation, which might allow remote malicious users to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-20...
Matrixssl Matrixssl
445
VMScore
CVE-2019-16747
In MatrixSSL prior to 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431.
Matrixssl Matrixssl
668
VMScore
CVE-2019-13470
MatrixSSL prior to 4.2.1 has an out-of-bounds read during ASN.1 handling.
Matrixssl Matrixssl
383
VMScore
CVE-2019-13629
MatrixSSL 4.2.1 and previous versions contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because cry...
Matrixssl Matrixssl
668
VMScore
CVE-2019-14431
In MatrixSSL 3.8.3 Open up to and including 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, t...
Matrixssl Matrixssl
668
VMScore
CVE-2019-10914
pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c.
Matrixssl Matrixssl
383
VMScore
CVE-2017-1000415
MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years.
Matrixssl Matrixssl 3.7.2
445
VMScore
CVE-2017-1000417
MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates.
Matrixssl Matrixssl 3.7.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »