Inside Secure MatrixSSL 缓冲区错误漏洞

MatrixSSL is an embedded, open source SSLv3 stack designed for small applications and devices. An invalid pointer release vulnerability exists in the DTLS server in versions prior to MatrixSSL 4.2.2 Open. An attacker could exploit this vulnerability via specially crafted incoming network messages...

Security Bulletin: Multiple Security Vulnerabilities Impact IBM Predictive Insights

Summary Multiple security vulnerabilities impact IBM Predictive Insights Vulnerability Details CVEID: CVE-2017-5644 DESCRIPTION: Apache POI is vulnerable to a denial of service, cause by an XML External Entity Injection XXE error when processing XML data. By using a specially crafted OOXML file, ...

CVE-2019-13629

MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/eccmath.c scalar...

CVE-2019-13629

MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/eccmath.c scalar...

CVE-2019-13629

MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/eccmath.c scalar...

Design/Logic Flaw

MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/eccmath.c scalar...

CVE-2019-13629

CVE-2019-13629 affects MatrixSSL 4.2.1 and earlier. The vulnerability is a timing side channel in ECDSA signature generation: the implementation leaks the bit length of the scalar via scalar multiplication in crypto/pubkey/ecc_math.c. An attacker who can observe durations over hundreds to thousan...

CVE-2019-13629

MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/eccmath.c scalar...

MatrixSSL < 4.2.2 Multiple Vulnerabilities

MatrixSSL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:matrixssl:matrixssl"; if...

INSIDE Secure MatrixSSL Buffer Overflow Vulnerability (CNVD-2020-22363)

INSIDE Secure MatrixSSL is an embedded, open source SSLv3 stack from INSIDE Secure, France, designed for small applications and devices. INSIDE Secure MatrixSSL suffers from a buffer overflow vulnerability that stems from the DTLS server not properly handling incoming network messages. An attacke...

CVE-2019-14431

In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the...

CVE-2019-14431

In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the...

CVE-2019-14431

In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the...

Heap overflow

In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the...

CVE-2019-14431

In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the...

CVE-2019-14431

MatrixSSL 3.8.3 Open through 4.2.1 Open is affected by CVE-2019-14431 due to a DTLS processing bug in parseSSLHandshake (sslDecode.c) that can mishandle the fragment length, causing a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution. The vulnerability is triggered ...

PT-2019-13692 · Matrixssl · Matrixssl

Name of the Vulnerable Software and Affected Versions: MatrixSSL versions 3.8.3 Open through 4.2.1 Open Description: The issue arises from the DTLS server's mishandling of incoming network messages, leading to a heap-based buffer overflow of up to 256 bytes. This can result in possible Remote Cod...

MatrixSSL < 4.2.1 Out-Of-Bounds Read Vulnerability

MatrixSSL is prone to an out-of-bounds read vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...

CVE-2019-13470

MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling...

CVE-2019-13470

MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling...