ID CVE-2016-6885
Summary The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation.
References
Vulnerable Configurations
  • cpe:2.3:a:matrixssl:matrixssl:3.8.3
    cpe:2.3:a:matrixssl:matrixssl:3.8.3
CVSS
Base: 5.0 (as of 17-01-2017 - 12:05)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
refmap via4
confirm http://www.matrixssl.org/blog/releases/matrixssl_3_8_4
misc https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html
Last major update 17-01-2017 - 13:23
Published 13-01-2017 - 11:59
Back to Top