Vulnerabilities > CVE-2016-6892 - Use After Free vulnerability in Matrixssl
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Common Weakness Enumeration (CWE)
References
- http://www.securityfocus.com/bid/93498
- http://www.securityfocus.com/bid/93498
- http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/flawed-matrixssl-code-highlights-need-for-better-iot-update-practices/
- http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/flawed-matrixssl-code-highlights-need-for-better-iot-update-practices/
- https://github.com/matrixssl/matrixssl/blob/3-8-6-open/CHANGES.md
- https://github.com/matrixssl/matrixssl/blob/3-8-6-open/CHANGES.md
- https://www.kb.cert.org/vuls/id/396440
- https://www.kb.cert.org/vuls/id/396440