Matrixssl: >> Matrixssl >> 3.8.2 Security Vulnerabilities
The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation.
CVSS Score
7.5
EPSS Score
0.007
Published
2017-01-13
The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange.
CVSS Score
7.5
EPSS Score
0.008
Published
2017-01-13
The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack.
CVSS Score
5.9
EPSS Score
0.003
Published
2017-01-13
The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887.
CVSS Score
5.9
EPSS Score
0.004
Published
2017-01-13
Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote attackers to execute arbitrary code via a crafted Subject Alt Name in an X.509 certificate.
CVSS Score
9.8
EPSS Score
0.112
Published
2017-01-05
MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate.
CVSS Score
7.5
EPSS Score
0.021
Published
2017-01-05
The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate.
CVSS Score
7.5
EPSS Score
0.021
Published
2017-01-05
Page 2