VYPR

Matrixssl

by Matrixssl

CVEs (26)

  • CVE-2019-13629Oct 3, 2019
    risk 0.00cvss epss 0.01

    MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because…

  • CVE-2019-14431Jul 29, 2019
    risk 0.00cvss epss 0.04

    In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server…

  • CVE-2019-13470Jul 9, 2019
    risk 0.00cvss epss 0.02

    MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling.

  • CVE-2019-10914Apr 8, 2019
    risk 0.00cvss epss 0.01

    pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c.

  • CVE-2004-2682Dec 31, 2004
    risk 0.00cvss epss 0.01

    PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of…

  • CVE-2004-2681Dec 31, 2004
    risk 0.00cvss epss 0.01

    PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely long time, which might make it easier for remote attackers to hijack a session.

Page 2 of 2