Vulnerabilities > CVE-2016-6892 - Use After Free vulnerability in Matrixssl

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

matrixssl

CWE-416

NVD

Published: 2017-01-05

Updated: 2017-01-06

Summary

The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate.

Vulnerable Configurations

Part	Description	Count
Application	Matrixssl Matrixssl Matrixssl 3.8.2 Matrixssl Matrixssl 3.8.3 Matrixssl Matrixssl 3.8.4 Matrixssl Matrixssl 3.8.5	4

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

http://www.securityfocus.com/bid/93498
http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/flawed-matrixssl-code-highlights-need-for-better-iot-update-practices/
https://github.com/matrixssl/matrixssl/blob/3-8-6-open/CHANGES.md
https://www.kb.cert.org/vuls/id/396440