218 matches found
CVE-2016-6882
MatrixSSL before 3.8.7, when the DHERSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack...
Design/Logic Flaw
MatrixSSL before 3.8.7, when the DHERSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack...
CVE-2016-6882
MatrixSSL before 3.8.7, when the DHERSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack...
CVE-2016-6883
MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack...
Information disclosure
MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack...
Out-of-bounds
TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service out-of-bounds read via a crafted message...
CVE-2016-6884
TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service out-of-bounds read via a crafted message...
CVE-2016-6883
MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack...
CVE-2016-6882
MatrixSSL before 3.8.7, when the DHERSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack...
CVE-2016-6882
CVE-2016-6882 concerns MatrixSSL prior to 3.8.7. When DHE_RSA cipher suites are enabled, remote attackers may exploit a Lenstra side-channel to glean RSA private key information. The vulnerability is limited to affected builds of MatrixSSL and is primarily an information-leak risk to private RSA ...
CVE-2016-6883
CVE-2016-6883 affects MatrixSSL (pre-3.8.3) configured with RSA cipher suites, enabling Bleichenbacher-style information disclosure via TLS. The Connected IBM bulletin notes IBM Predictive Insights 8.5 and 9.0 as affected and frames the issue around an RSA padding vulnerability leading to potenti...
CVE-2016-6883
MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack...
CVE-2016-6884
CVE-2016-6884 affects MatrixSSL before 3.8.3. TLS cipher suites using CBC mode in TLS 1.1/1.2 can be exploited by remote attackers to cause a denial of service via an out-of-bounds read in a crafted message. Impact is a partial availability loss without confidentiality or integrity compromise. Af...
CVE-2016-6884
TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service out-of-bounds read via a crafted message...
PT-2017-2886 · Matrixssl · Matrixssl
Name of the Vulnerable Software and Affected Versions: MatrixSSL versions 3.8.7b Description: The issue is caused by a heap buffer overflow in the X509 certificate parsing procedure of the MatrixSSL cryptographic library. This can be exploited by a remote attacker using a specially crafted x509...
MatrixSSL has a Denial of Service Vulnerability Vulnerability
MatrixSSL is an embedded, open source SSLv3 stack designed for small applications and devices. A denial of service vulnerability vulnerability exists in the pstmexptmod&rsquo function of MatrixSSL prior to version 3.8.4. A remote attacker exploiting this vulnerability could launch a denial of...
MatrixSSL < 3.8.7 Cryptographic Vulnerability
MatrixSSL is prone to a vulnerability in the modular exponentiation function. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program i...
CVE-2016-6886
The pstmreverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service invalid memory read and crash via a 1 zero value or 2 the key's modulus for the secret key during RSA key exchange...
CVE-2016-6885
The pstmexptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service invalid free and crash via a base zero value for the modular exponentiation...
CVE-2016-8671
The pstmexptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887...