ID CVE-2016-6886
Summary The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange.
References
Vulnerable Configurations
  • MatrixSSL 3.8.3
    cpe:2.3:a:matrixssl:matrixssl:3.8.3
CVSS
Base: 5.0 (as of 17-01-2017 - 12:09)
Impact:
Exploitability:
CWE CWE-320
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
refmap via4
bid 92604
confirm http://www.matrixssl.org/blog/releases/matrixssl_3_8_4
misc https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html
Last major update 17-01-2017 - 21:59
Published 13-01-2017 - 11:59
Back to Top