彙總 matrixssl 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 緩衝區溢位、記憶體損壞與路徑處理缺陷 相關,可能在 軟體部署與生產負載 場景中帶來 記憶體損壞與應用程式崩潰 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2023-24609 | Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate. | [email protected] | 7.5 | 0.73% | 2023-12-21 | 2026-06-17 |
| CVE-2022-46505 | An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data. | [email protected] | 7.5 | 0.86% | 2023-01-18 | 2026-06-17 |
| CVE-2022-43974 | MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0. | [email protected] | 8.1 | 1.70% | 2023-01-09 | 2026-06-17 |
| CVE-2019-16747 | In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431. | [email protected] | 7.5 | 1.77% | 2020-12-30 | 2026-06-16 |
| CVE-2019-13629 | MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/ecc_math.c scalar multiplication leaks the bit length of the scalar. | [email protected] | 5.9 | 1.24% | 2019-10-03 | 2026-06-16 |
| CVE-2019-14431 | In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message. | [email protected] | 9.8 | 3.63% | 2019-07-29 | 2026-06-16 |
| CVE-2019-13470 | MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling. | [email protected] | 9.8 | 1.62% | 2019-07-09 | 2026-06-16 |
| CVE-2019-10914 | pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c. | [email protected] | 9.8 | 1.44% | 2019-04-08 | 2026-06-16 |
| CVE-2018-12439 | MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | [email protected] | 4.7 | 0.27% | 2018-06-14 | 2026-06-16 |
| CVE-2017-1000417 | MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates. | [email protected] | 5.3 | 0.66% | 2018-01-22 | 2026-06-16 |
| CVE-2017-1000415 | MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years. | [email protected] | 5.9 | 0.50% | 2018-01-09 | 2026-06-16 |
| CVE-2017-2782 | An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection | [email protected] | 6.5 | 1.01% | 2017-06-22 | 2026-06-16 |
| CVE-2017-2781 | An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection. | [email protected] | 9.8 | 2.34% | 2017-06-22 | 2026-06-16 |
| CVE-2017-2780 | An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection. | [email protected] | 9.8 | 2.34% | 2017-06-22 | 2026-06-16 |
| CVE-2016-6884 | TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message. | [email protected] | 6.5 | 1.33% | 2017-03-03 | 2026-06-16 |
| CVE-2016-6883 | MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack. | [email protected] | 5.9 | 13.91% | 2017-03-03 | 2026-06-16 |
| CVE-2016-6882 | MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack. | [email protected] | 5.9 | 1.30% | 2017-03-03 | 2026-06-16 |
| CVE-2016-8671 | The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887. | [email protected] | 5.9 | 1.34% | 2017-01-13 | 2026-06-16 |
| CVE-2016-6887 | The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack. | [email protected] | 5.9 | 1.15% | 2017-01-13 | 2026-06-16 |
| CVE-2016-6886 | The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange. | [email protected] | 7.5 | 1.69% | 2017-01-13 | 2026-06-16 |