Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Matrixssl
(Matrixssl)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-01-09 | CVE-2017-1000415 | MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years. | Matrixssl | 5.9 | ||
| 2017-01-05 | CVE-2016-6892 | The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate. | Matrixssl | 7.5 | ||
| 2017-01-05 | CVE-2016-6891 | MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate. | Matrixssl | 7.5 | ||
| 2017-01-05 | CVE-2016-6890 | Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote attackers to execute arbitrary code via a crafted Subject Alt Name in an X.509 certificate. | Matrixssl | 9.8 | ||
| 2017-01-13 | CVE-2016-6887 | The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack. | Matrixssl | 5.9 | ||
| 2017-01-13 | CVE-2016-6886 | The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange. | Matrixssl | 7.5 | ||
| 2017-01-13 | CVE-2016-6885 | The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation. | Matrixssl | 7.5 | ||
| 2017-03-03 | CVE-2016-6884 | TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message. | Matrixssl | 6.5 | ||
| 2017-03-03 | CVE-2016-6883 | MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack. | Matrixssl | 5.9 | ||
| 2017-03-03 | CVE-2016-6882 | MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack. | Matrixssl | 5.9 |