CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-1000417

MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 36.3%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://github.com/matrixssl/matrixssl/blob/master/doc/CHANGES.md
https://www.ieee-security.org/TC/SP2017/papers/231.pdf
https://www.youtube.com/watch?v=FW--c_F_cY8
https://github.com/matrixssl/matrixssl/blob/master/doc/CHANGES.md
https://www.ieee-security.org/TC/SP2017/papers/231.pdf
https://www.youtube.com/watch?v=FW--c_F_cY8

Products affected by CVE-2017-1000417

Matrixssl » Matrixssl » Version: 3.7.2

cpe:2.3:a:matrixssl:matrixssl:3.7.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-1000417

Products

Pricing

Contact Us