Vulnerabilities > CVE-2019-14431 - Improper Handling of Exceptional Conditions vulnerability in Matrixssl

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

matrixssl

CWE-755

critical

NVD

Published: 2019-07-29

Updated: 2023-03-03

Summary

In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message.

Vulnerable Configurations

Part	Description	Count
Application	Matrixssl Matrixssl Matrixssl 3.8.2 Matrixssl Matrixssl 3.8.3 Matrixssl Matrixssl 3.8.4 Matrixssl Matrixssl 3.8.5 Matrixssl Matrixssl 3.8.6 Matrixssl Matrixssl 3.8.7 Matrixssl Matrixssl 3.8.7A Matrixssl Matrixssl 3.8.7B Matrixssl Matrixssl 3.9.0 Matrixssl Matrixssl 3.9.1 Matrixssl Matrixssl 3.9.3 Matrixssl Matrixssl 3.9.5 Matrixssl Matrixssl 4.0.0 Matrixssl Matrixssl 4.0.1 Matrixssl Matrixssl 4.0.2 Matrixssl Matrixssl 4.1.0 Matrixssl Matrixssl 4.2.0 Matrixssl Matrixssl 4.2.1	18

Common Weakness Enumeration (CWE)

CWE-755 - Improper Handling of Exceptional Conditions

References

https://github.com/matrixssl/matrixssl/issues/30