Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Matrixssl
(Matrixssl)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-10-03 | CVE-2019-13629 | MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/ecc_math.c scalar multiplication leaks the bit length of the scalar. | Matrixssl | 5.9 | ||
| 2020-12-30 | CVE-2019-16747 | In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431. | Matrixssl | 7.5 | ||
| 2019-04-08 | CVE-2019-10914 | pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c. | Matrixssl | 9.8 | ||
| 2019-07-09 | CVE-2019-13470 | MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling. | Matrixssl | 9.8 | ||
| 2018-06-15 | CVE-2018-12439 | MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | Matrixssl | 4.7 | ||
| 2018-01-22 | CVE-2017-1000417 | MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates. | Matrixssl | 5.3 | ||
| 2018-01-09 | CVE-2017-1000415 | MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years. | Matrixssl | 5.9 | ||
| 2017-01-05 | CVE-2016-6892 | The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate. | Matrixssl | 7.5 | ||
| 2017-01-05 | CVE-2016-6891 | MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate. | Matrixssl | 7.5 | ||
| 2017-01-05 | CVE-2016-6890 | Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote attackers to execute arbitrary code via a crafted Subject Alt Name in an X.509 certificate. | Matrixssl | 9.8 |