Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
matrixssl matrixssl vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-14431
In MatrixSSL 3.8.3 Open up to and including 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, t...
Matrixssl Matrixssl
1.9
CVSSv2
CVE-2018-12439
MatrixSSL up to and including 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same...
Matrixssl Matrixssl
4.3
CVSSv2
CVE-2016-6884
TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL prior to 3.8.3 allow remote malicious users to cause a denial of service (out-of-bounds read) via a crafted message.
Matrixssl Matrixssl
4.3
CVSSv2
CVE-2016-6883
MatrixSSL prior to 3.8.3 configured with RSA Cipher Suites allows remote malicious users to obtain sensitive information via a Bleichenbacher variant attack.
Matrixssl Matrixssl
7.5
CVSSv2
CVE-2019-10914
pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c.
Matrixssl Matrixssl
7.5
CVSSv2
CVE-2019-13470
MatrixSSL prior to 4.2.1 has an out-of-bounds read during ASN.1 handling.
Matrixssl Matrixssl
4.3
CVSSv2
CVE-2016-6882
MatrixSSL prior to 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote malicious users to obtain RSA private key information by conducting a Lenstra side-channel attack.
Matrixssl Matrixssl
5
CVSSv2
CVE-2016-6885
The pstm_exptmod function in MatrixSSL prior to 3.8.4 allows remote malicious users to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation.
Matrixssl Matrixssl
5
CVSSv2
CVE-2016-6886
The pstm_reverse function in MatrixSSL prior to 3.8.4 allows remote malicious users to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange.
Matrixssl Matrixssl
4.3
CVSSv2
CVE-2016-6887
The pstm_exptmod function in MatrixSSL 3.8.6 and previous versions does not properly perform modular exponentiation, which might allow remote malicious users to predict the secret key via a CRT attack.
Matrixssl Matrixssl
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »