CVE-2017-2780
https://notcve.org/view.php?id=CVE-2017-2780
An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted X509 certificate can cause a buffer overflow on the heap, resulting in remote code execution. To trigger this vulnerability, a specially crafted X509 certificate must be presented to the vulnerable client or server application when initiating a secure connection.
• http://www.securityfocus.com/bid/99249
• https://talosintelligence.com/vulnerability_reports/TALOS-2017-0276
• CWE-787: Out-of-bounds Write
CVE-2017-2781
https://notcve.org/view.php?id=CVE-2017-2781
An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted X509 certificate can cause a buffer overflow on the heap, resulting in remote code execution. To trigger this vulnerability, a specially crafted X509 certificate must be presented to the vulnerable client or server application when initiating a secure connection.
• http://www.securityfocus.com/bid/99249
• https://talosintelligence.com/vulnerability_reports/TALOS-2017-0277
• CWE-787: Out-of-bounds Write
CVE-2016-6883
https://notcve.org/view.php?id=CVE-2016-6883
MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack.
• http://www.openwall.com/lists/oss-security/2016/08/19/8
• http://www.securityfocus.com/bid/91488
• https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-6884
https://notcve.org/view.php?id=CVE-2016-6884
TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message.
• http://www.openwall.com/lists/oss-security/2016/08/19/8
• http://www.securityfocus.com/bid/91488
• https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md
• CWE-125: Out-of-bounds Read
CVE-2016-6882
https://notcve.org/view.php?id=CVE-2016-6882
MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack.
• http://www.openwall.com/lists/oss-security/2016/08/19/7
• http://www.securityfocus.com/bid/91488
• https://access.redhat.com/blogs/766093/posts/1976703
• https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#validation-of-rsa-signature-creation
• https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-320: Key Management Errors