Lucene search

MitreCVELIST:CVE-2022-43974

HistoryJan 09, 2023 - 12:00 a.m.

CVE-2022-43974

2023-01-0900:00:00

mitre

www.cve.org

matrixssl

integer overflow

tls 13

buffer overflow

remote code execution

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.022

Percentile

89.7%

JSON

MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0.

References

github.com/matrixssl/matrixssl/blob/4-6-0-open/doc/CHANGES_v4.x.md

github.com/matrixssl/matrixssl/security/advisories/GHSA-fmwc-gwc5-2g29

www.telekom.com/en/company/data-privacy-and-security/news/advisories-504842

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.022

Percentile

89.7%

JSON

Related for CVELIST:CVE-2022-43974