Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Matrixssl Subscribe
Filtered by product Matrixssl

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-24609 2 Matrixssl, Rambus 2 Matrixssl, Tls Toolkit 2024-01-03 N/A 7.5 HIGH
Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate.
CVE-2022-46505 1 Matrixssl 1 Matrixssl 2023-08-08 N/A 7.5 HIGH
An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data.
CVE-2019-16747 1 Matrixssl 1 Matrixssl 2021-01-04 5.0 MEDIUM 7.5 HIGH
In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431.
CVE-2016-6886 1 Matrixssl 1 Matrixssl 2017-01-18 5.0 MEDIUM 7.5 HIGH
The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange.
CVE-2016-6885 1 Matrixssl 1 Matrixssl 2017-01-17 5.0 MEDIUM 7.5 HIGH
The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation.
CVE-2016-6892 1 Matrixssl 1 Matrixssl 2017-01-06 5.0 MEDIUM 7.5 HIGH
The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate.
CVE-2016-6891 1 Matrixssl 1 Matrixssl 2017-01-06 5.0 MEDIUM 7.5 HIGH
MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate.