Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
matrixssl matrixssl vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-46505
An issue in MatrixSSL 4.5.1-open and previous versions leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data.
Matrixssl Matrixssl
2 Github repositories
5.9
CVSSv3
CVE-2016-8671
The pstm_exptmod function in MatrixSSL 3.8.6 and previous versions does not properly perform modular exponentiation, which might allow remote malicious users to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-20...
Matrixssl Matrixssl
9.8
CVSSv3
CVE-2019-10914
pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c.
Matrixssl Matrixssl
9.8
CVSSv3
CVE-2019-13470
MatrixSSL prior to 4.2.1 has an out-of-bounds read during ASN.1 handling.
Matrixssl Matrixssl
9.8
CVSSv3
CVE-2019-14431
In MatrixSSL 3.8.3 Open up to and including 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, t...
Matrixssl Matrixssl
5.9
CVSSv3
CVE-2019-13629
MatrixSSL 4.2.1 and previous versions contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because cry...
Matrixssl Matrixssl
9.8
CVSSv3
CVE-2022-43974
MatrixSSL 4.0.4 up to and including 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0.
Matrixssl Matrixssl
7.5
CVSSv3
CVE-2019-16747
In MatrixSSL prior to 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431.
Matrixssl Matrixssl
5.9
CVSSv3
CVE-2016-6882
MatrixSSL prior to 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote malicious users to obtain RSA private key information by conducting a Lenstra side-channel attack.
Matrixssl Matrixssl
6.5
CVSSv3
CVE-2016-6884
TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL prior to 3.8.3 allow remote malicious users to cause a denial of service (out-of-bounds read) via a crafted message.
Matrixssl Matrixssl
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »