Vulnerabilities > Matrixssl

DATE CVE VULNERABILITY TITLE RISK
2020-12-30 CVE-2019-16747 Out-Of-Bounds Write vulnerability in Matrixssl
In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431.
network
low complexity
matrixssl CWE-787
5.0
2019-10-03 CVE-2019-13629 USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Matrixssl
MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation.
network
matrixssl CWE-327
4.3
2019-07-29 CVE-2019-14431 Improper Handling of Exceptional Conditions vulnerability in Matrixssl
In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c.
network
low complexity
matrixssl CWE-755
7.5
2019-07-09 CVE-2019-13470 Out-Of-Bounds Read vulnerability in Matrixssl
MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling.
network
low complexity
matrixssl CWE-125
7.5
2019-04-08 CVE-2019-10914 Improper Certificate Validation vulnerability in Matrixssl
pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c.
network
low complexity
matrixssl CWE-295
7.5
2018-06-15 CVE-2018-12439 Information Exposure vulnerability in Matrixssl
MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP.
1.9
2018-06-15 CVE-2018-12438 Information Exposure vulnerability in multiple products
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP.
1.9
2018-06-15 CVE-2018-12437 Information Exposure vulnerability in multiple products
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP.
1.9
2018-06-15 CVE-2018-12433 Information Exposure vulnerability in multiple products
** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP.
1.9
2018-01-22 CVE-2017-1000417 Improper Certificate Validation vulnerability in Matrixssl 3.7.2
MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g.
network
low complexity
matrixssl CWE-295
5.0