Matrixssl: >> Matrixssl >> 3.8.3 Security Vulnerabilities
The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack.
CVSS Score
5.9
EPSS Score
0.003
Published
2017-01-13
The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887.
CVSS Score
5.9
EPSS Score
0.004
Published
2017-01-13
Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote attackers to execute arbitrary code via a crafted Subject Alt Name in an X.509 certificate.
CVSS Score
9.8
EPSS Score
0.112
Published
2017-01-05
MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate.
CVSS Score
7.5
EPSS Score
0.021
Published
2017-01-05
The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate.
CVSS Score
7.5
EPSS Score
0.021
Published
2017-01-05
Page 2