CVE-2016-6891
https://notcve.org/view.php?id=CVE-2016-6891
MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate. MatrixSSL en versiones anteriores a 3.8.6 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un ASN.1 Bit Field primitive manipulado en un certificado X.509. • http://www.securityfocus.com/bid/93498 http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/flawed-matrixssl-code-highlights-need-for-better-iot-update-practices https://github.com/matrixssl/matrixssl/blob/3-8-6-open/CHANGES.md https://www.kb.cert.org/vuls/id/396440 • CWE-125: Out-of-bounds Read •
CVE-2016-6890
https://notcve.org/view.php?id=CVE-2016-6890
Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote attackers to execute arbitrary code via a crafted Subject Alt Name in an X.509 certificate. Desbordamiento de búfer basado en memoria dinámica en MatrixSSL en versiones anteriores a 3.8.6 permite a atacantes remotos ejecutar código arbitrario a través de un Subject Alt Name manipulado en un certificado X.509. • http://www.securityfocus.com/bid/93498 http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/flawed-matrixssl-code-highlights-need-for-better-iot-update-practices https://github.com/matrixssl/matrixssl/blob/3-8-6-open/CHANGES.md https://www.kb.cert.org/vuls/id/396440 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-6892
https://notcve.org/view.php?id=CVE-2016-6892
The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate. La función x509FreeExtensions en MatrixSSL en versiones anteriores a 3.8.6 permite a atacantes remotos provocar una denegación de servicio (libre de memoria no asignada) a través de un certificado X.509 manipulado. • http://www.securityfocus.com/bid/93498 http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/flawed-matrixssl-code-highlights-need-for-better-iot-update-practices https://github.com/matrixssl/matrixssl/blob/3-8-6-open/CHANGES.md https://www.kb.cert.org/vuls/id/396440 • CWE-416: Use After Free •