CVE-2016-6884
https://notcve.org/view.php?id=CVE-2016-6884
TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message.
• http://www.openwall.com/lists/oss-security/2016/08/19/8 http://www.securityfocus.com/bid/91488 https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md
• CWE-125: Out-of-bounds Read
CVE-2016-6882
https://notcve.org/view.php?id=CVE-2016-6882
MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack.
• http://www.openwall.com/lists/oss-security/2016/08/19/7 http://www.securityfocus.com/bid/91488 https://access.redhat.com/blogs/766093/posts/1976703 https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#validation-of-rsa-signature-creation https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-320: Key Management Errors
CVE-2016-6887
https://notcve.org/view.php?id=CVE-2016-6887
The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack.
• http://www.matrixssl.org/blog/releases/matrixssl_3_8_4 https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8671
https://notcve.org/view.php?id=CVE-2016-8671
The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887.
• http://www.openwall.com/lists/oss-security/2016/10/15/2 http://www.openwall.com/lists/oss-security/2016/10/15/8 http://www.securityfocus.com/bid/95439 https://blog.fuzzing-project.org/54-Update-on-MatrixSSL-miscalculation-CVE-2016-8671%2C-incomplete-fix-for-CVE-2016-6887.html
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-6886
https://notcve.org/view.php?id=CVE-2016-6886
The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via (1) a zero value or (2) the key's modulus for the secret key during RSA key exchange.
• http://www.matrixssl.org/blog/releases/matrixssl_3_8_4 http://www.securityfocus.com/bid/92604 https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html
• CWE-320: Key Management Errors