4 matches found
InsideSecure MatrixSSL x509 certificate SubjectDomainPolicy Remote Code Execution Vulnerability(CVE-2017-2780)
Summary An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a...
MatrixSSL < 3.9.3 Multiple Vulnerabilities
MatrixSSL is prone multiple vulnerabilities. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2017-2780
CVE-2017-2780 is a heap-based buffer overflow in InsideSecure MatrixSSL 3.8.7b, triggered while parsing the X509 SubjectDomainPolicy extension in DER certificates. The vulnerability arises in parsePolicyMappings, where an OID length-derived allocation can overflow when more OIDs are copied than s...
Vulnerability Spotlight: Multiple Vulnerabilities in InsideSecure MatrixSSL
These vulnerabilities were discovered by Aleksandar Nikolic of Cisco TalosOverviewMatrixSSL is a TLS/SSL stack offered in the form of a Software Development Kit SDK that is geared towards application in Internet of Things IOT devices and other embedded systems. It features low resource overhead a...