Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
matrixssl vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-10914
pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c.
Matrixssl Matrixssl
1.9
CVSSv2
CVE-2018-12439
MatrixSSL up to and including 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same...
Matrixssl Matrixssl
4.3
CVSSv2
CVE-2019-13629
MatrixSSL 4.2.1 and previous versions contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because cry...
Matrixssl Matrixssl
7.5
CVSSv2
CVE-2019-14431
In MatrixSSL 3.8.3 Open up to and including 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, t...
Matrixssl Matrixssl
NA
CVE-2022-46505
An issue in MatrixSSL 4.5.1-open and previous versions leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data.
Matrixssl Matrixssl
2 Github repositories
4.3
CVSSv2
CVE-2016-6884
TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL prior to 3.8.3 allow remote malicious users to cause a denial of service (out-of-bounds read) via a crafted message.
Matrixssl Matrixssl
5
CVSSv2
CVE-2016-6886
The pstm_reverse function in MatrixSSL prior to 3.8.4 allows remote malicious users to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange.
Matrixssl Matrixssl
4.3
CVSSv2
CVE-2016-6887
The pstm_exptmod function in MatrixSSL 3.8.6 and previous versions does not properly perform modular exponentiation, which might allow remote malicious users to predict the secret key via a CRT attack.
Matrixssl Matrixssl
4.3
CVSSv2
CVE-2016-8671
The pstm_exptmod function in MatrixSSL 3.8.6 and previous versions does not properly perform modular exponentiation, which might allow remote malicious users to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-20...
Matrixssl Matrixssl
4.3
CVSSv2
CVE-2016-6882
MatrixSSL prior to 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote malicious users to obtain RSA private key information by conducting a Lenstra side-channel attack.
Matrixssl Matrixssl
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »