Matrixssl Matrixssl

Do you want an email whenever new security vulnerabilities are reported in Matrixssl?

By the Year

In 2024 there have been 0 vulnerabilities in Matrixssl . Last year Matrixssl had 3 security vulnerabilities published. Right now, Matrixssl is on track to have less security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 3 8.27
2022 0 0.00
2021 0 0.00
2020 1 7.50
2019 4 8.83
2018 1 4.70

It may take a day or so for new Matrixssl vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Matrixssl Security Vulnerabilities

Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server

CVE-2023-24609 7.5 - High - December 22, 2023

Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate.

Integer Overflow or Wraparound

An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret

CVE-2022-46505 7.5 - High - January 18, 2023

An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data.

Improper Initialization

MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13

CVE-2022-43974 9.8 - Critical - January 09, 2023

MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0.

Integer Overflow or Wraparound

In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash)

CVE-2019-16747 7.5 - High - December 30, 2020

In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431.

Memory Corruption

MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation

CVE-2019-13629 5.9 - Medium - October 03, 2019

MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/ecc_math.c scalar multiplication leaks the bit length of the scalar.

Use of a Broken or Risky Cryptographic Algorithm

In MatrixSSL 3.8.3 Open through 4.2.1 Open

CVE-2019-14431 9.8 - Critical - July 29, 2019

In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message.

Memory Corruption

MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling.

CVE-2019-13470 9.8 - Critical - July 09, 2019

MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling.

Out-of-bounds Read

pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification

CVE-2019-10914 9.8 - Critical - April 08, 2019

pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c.

Memory Corruption

MatrixSSL through 3.9.5 Open

CVE-2018-12439 4.7 - Medium - June 15, 2018

MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Information Disclosure

An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b

CVE-2017-2782 9.1 - Critical - June 22, 2017

An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection

Integer Overflow or Wraparound

An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b

CVE-2017-2781 9.8 - Critical - June 22, 2017

An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection.

Memory Corruption

An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b

CVE-2017-2780 9.8 - Critical - June 22, 2017

An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection.

Memory Corruption

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Matrixssl or by Matrixssl? Click the Watch button to subscribe.

Matrixssl
Vendor

Matrixssl
Product

subscribe