Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
matrixssl vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2019-13629
MatrixSSL 4.2.1 and previous versions contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because cry...
Matrixssl Matrixssl
5.9
CVSSv3
CVE-2016-6887
The pstm_exptmod function in MatrixSSL 3.8.6 and previous versions does not properly perform modular exponentiation, which might allow remote malicious users to predict the secret key via a CRT attack.
Matrixssl Matrixssl
9.8
CVSSv3
CVE-2019-13470
MatrixSSL prior to 4.2.1 has an out-of-bounds read during ASN.1 handling.
Matrixssl Matrixssl
7.5
CVSSv3
CVE-2022-46505
An issue in MatrixSSL 4.5.1-open and previous versions leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data.
Matrixssl Matrixssl
2 Github repositories
4.7
CVSSv3
CVE-2018-12439
MatrixSSL up to and including 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same...
Matrixssl Matrixssl
9.8
CVSSv3
CVE-2019-10914
pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c.
Matrixssl Matrixssl
9.8
CVSSv3
CVE-2019-14431
In MatrixSSL 3.8.3 Open up to and including 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, t...
Matrixssl Matrixssl
5.9
CVSSv3
CVE-2016-6883
MatrixSSL prior to 3.8.3 configured with RSA Cipher Suites allows remote malicious users to obtain sensitive information via a Bleichenbacher variant attack.
Matrixssl Matrixssl
9.8
CVSSv3
CVE-2017-2780
An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability,...
Matrixssl Matrixssl 3.8.7b
9.8
CVSSv3
CVE-2017-2781
An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability,...
Matrixssl Matrixssl 3.8.7b
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »