
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation. • http://www.matrixssl.org/blog/releases/matrixssl_3_8_4 https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html • CWE-416: Use After Free

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate. • http://www.securityfocus.com/bid/93498 http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/flawed-matrixssl-code-highlights-need-for-better-iot-update-practices https://github.com/matrixssl/matrixssl/blob/3-8-6-open/CHANGES.md https://www.kb.cert.org/vuls/id/396440 • CWE-125: Out-of-bounds Read

CVSS: 10.0 • EPSS: 3% • CPEs: 1 • EXPL: 0

Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote attackers to execute arbitrary code via a crafted Subject Alt Name in an X.509 certificate. • http://www.securityfocus.com/bid/93498 http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/flawed-matrixssl-code-highlights-need-for-better-iot-update-practices https://github.com/matrixssl/matrixssl/blob/3-8-6-open/CHANGES.md https://www.kb.cert.org/vuls/id/396440 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate. • http://www.securityfocus.com/bid/93498 http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/flawed-matrixssl-code-highlights-need-for-better-iot-update-practices https://github.com/matrixssl/matrixssl/blob/3-8-6-open/CHANGES.md https://www.kb.cert.org/vuls/id/396440 • CWE-416: Use After Free

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely long time, which might make it easier for remote attackers to hijack a session. • http://www.matrixssl.org/archives/000076.html https://exchange.xforce.ibmcloud.com/vulnerabilities/40483