CVE-2022-46505

An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data...

PT-2023-14952 · Matrixssl · Matrixssl

Name of the Vulnerable Software and Affected Versions: MatrixSSL versions 4.5.1-open and earlier Description: An issue leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data. Recommendations: For MatrixSSL versions...

MatrixSSL 安全漏洞

Inside Secure MatrixSSL is an embedded, open-source SSLv3 stack designed for small applications and devices from Inside Secure, France. A security vulnerability exists in MatrixSSL version 4.5.1-open and prior versions that stems from an inability to securely check the SessionID field, which coul...

MatrixSSL < 4.2.2 Private Key Computation Vulnerability

MatrixSSL is prone to a private key computation vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

MatrixSSL 4.x < 4.6.0 RCE Vulnerability

MatrixSSL is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2022-43974

MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0...

CVE-2022-43974

MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0...

Integer overflow

MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0...

CVE-2022-43974

Summary: CVE-2022-43974 affects MatrixSSL versions 4.0.4–4.5.1, where an integer overflow in matrixSslDecodeTls13 could be triggered by a crafted TLS message, leading to remote code execution. Multiple security feeds confirm this issue and indicate a fixed version in 4.6.0. Impact (as stated): Re...

CVE-2022-43974

MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0...

CVE-2022-43974

MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0...

PT-2023-14416 · Matrixssl · Matrixssl

Name of the Vulnerable Software and Affected Versions: MatrixSSL versions 4.0.4 through 4.5.1 Description: The issue is related to an integer overflow in the matrixSslDecodeTls13 function. A remote attacker might be able to send a crafted TLS message to cause a buffer overflow, potentially leadin...

MatrixSSL Verify X.509 Certificate Stack Buffer Overflow

A buffer overflow vulnerability exists in MatrixSSL. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page: http://www.kzbtech.com | http://www.jatontec.com | https://www.neotel.mk http://www.jatontec.com/products/show.php?itemid=258...

MatrixSSL Invalid Pointer Release Vulnerability

MatrixSSL is an embedded, open source SSLv3 stack designed for small applications and devices. An invalid pointer release vulnerability exists in the DTLS server in versions prior to MatrixSSL 4.2.2 Open. An attacker could exploit this vulnerability via specially crafted incoming network messages...

CVE-2019-16747

In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free leading to memory corruption and a daemon crash via a crafted incoming network message, a different vulnerability than CVE-2019-14431...

Memory corruption

In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free leading to memory corruption and a daemon crash via a crafted incoming network message, a different vulnerability than CVE-2019-14431...

CVE-2019-16747

In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free leading to memory corruption and a daemon crash via a crafted incoming network message, a different vulnerability than CVE-2019-14431...

CVE-2019-16747

In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free leading to memory corruption and a daemon crash via a crafted incoming network message, a different vulnerability than CVE-2019-14431...

CVE-2019-16747

CVE-2019-16747 affects MatrixSSL before 4.2.2 Open. The DTLS server can encounter an invalid pointer free, causing memory corruption and a daemon crash via crafted network messages; this is a separate issue from CVE-2019-14431. Red Hat and related records confirm the vulnerability and point to 4....