CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-24609
https://notcve.org/view.php?id=CVE-2023-24609
Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate. Matrix SSL 4.x a 4.6.0 y Rambus TLS Toolkit tienen un desbordamiento de enteros de sustracción de longitud para el análisis de la extensión Client Hello Pre-Shared Key en el servidor TLS 1.3. • https://www.rambus.com/security/software-protocols/tls-toolkit https://www.telekom.com/en/company/data-privacy-and-security/news/advisories-504842 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-46505
https://notcve.org/view.php?id=CVE-2022-46505
An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data. • https://github.com/SmallTown123/details-for-CVE-2022-46505 https://smalltown123.notion.site/MatrixSSL-session-resume-bug-a0 • CWE-665: Improper Initialization •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2022-43974
https://notcve.org/view.php?id=CVE-2022-43974
MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0. MatrixSSL 4.0.4 a 4.5.1 tiene un desbordamiento de enteros en MatrixSslDecodeTls13. Un atacante remoto podría enviar un mensaje TLS manipulado para provocar un desbordamiento del búfer y lograr la ejecución remota de código. • https://github.com/matrixssl/matrixssl/blob/4-6-0-open/doc/CHANGES_v4.x.md https://github.com/matrixssl/matrixssl/security/advisories/GHSA-fmwc-gwc5-2g29 https://www.telekom.com/en/company/data-privacy-and-security/news/advisories-504842 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16747
https://notcve.org/view.php?id=CVE-2019-16747
In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431. En MatrixSSL versiones anteriores a 4.2.2 Open, el servidor DTLS puede encontrar una liberación de puntero no válida (conllevando a una corrupción de la memoria y un bloqueo del demonio) por medio de un mensaje de red entrante diseñado, una vulnerabilidad diferente al CVE-2019-14431. • https://github.com/matrixssl/matrixssl/blob/4-2-2-open/doc/CHANGES_v4.x.md https://github.com/matrixssl/matrixssl/issues/33 https://github.com/matrixssl/matrixssl/releases/tag/4-2-2-open • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13629
https://notcve.org/view.php?id=CVE-2019-13629
MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/ecc_math.c scalar multiplication leaks the bit length of the scalar. MatrixSSL versión 4.2.1 y anteriores, contienen un canal lateral de temporización en la generación de firmas ECDSA. Esto permite a un atacante local o remoto, capaz de medir la duración de cientos de miles de operaciones de firma, calcular la clave privada usada. • http://www.openwall.com/lists/oss-security/2019/10/02/2 https://eprint.iacr.org/2011/232.pdf https://minerva.crocs.fi.muni.cz https://tches.iacr.org/index.php/TCHES/article/view/7337 • CWE-203: Observable Discrepancy CWE-327: Use of a Broken or Risky Cryptographic Algorithm •