Lucene search

K

13 matches found

CVE
CVE
added 2017/03/03 4:59 p.m.70 views

CVE-2016-6883

MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack.

5.9CVSS6.1AI score0.69768EPSS
CVE
CVE
added 2017/01/13 4:59 p.m.46 views

CVE-2016-8671

The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887.

5.9CVSS5.7AI score0.00373EPSS
CVE
CVE
added 2017/06/22 9:29 p.m.46 views

CVE-2017-2780

An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially crafte...

9.8CVSS9.8AI score0.05523EPSS
CVE
CVE
added 2017/06/22 9:29 p.m.45 views

CVE-2017-2781

An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially crafte...

9.8CVSS9.8AI score0.04579EPSS
CVE
CVE
added 2017/03/03 4:59 p.m.44 views

CVE-2016-6884

TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message.

6.5CVSS6.7AI score0.00476EPSS
CVE
CVE
added 2017/01/13 4:59 p.m.44 views

CVE-2016-6885

The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation.

7.5CVSS7.4AI score0.00721EPSS
CVE
CVE
added 2017/01/13 4:59 p.m.44 views

CVE-2016-6887

The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack.

5.9CVSS5.5AI score0.00297EPSS
CVE
CVE
added 2017/06/22 9:29 p.m.44 views

CVE-2017-2782

An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially craf...

9.1CVSS9.1AI score0.00241EPSS
CVE
CVE
added 2017/01/05 10:59 p.m.40 views

CVE-2016-6891

MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate.

7.5CVSS8.1AI score0.02081EPSS
CVE
CVE
added 2017/01/05 10:59 p.m.39 views

CVE-2016-6892

The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate.

7.5CVSS8.1AI score0.02081EPSS
CVE
CVE
added 2017/01/13 4:59 p.m.38 views

CVE-2016-6886

The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange.

7.5CVSS7.4AI score0.00813EPSS
CVE
CVE
added 2017/01/05 10:59 p.m.37 views

CVE-2016-6890

Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote attackers to execute arbitrary code via a crafted Subject Alt Name in an X.509 certificate.

10CVSS9.8AI score0.11163EPSS
CVE
CVE
added 2017/03/03 4:59 p.m.36 views

CVE-2016-6882

MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack.

5.9CVSS6.3AI score0.00384EPSS