ID CVE-2016-6892
Summary The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate.
References
Vulnerable Configurations
  • MatrixSSL 3.8.5
    cpe:2.3:a:matrixssl:matrixssl:3.8.5
CVSS
Base: 5.0 (as of 06-01-2017 - 09:45)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
refmap via4
bid 93498
cert-vn VU#396440
confirm https://github.com/matrixssl/matrixssl/blob/3-8-6-open/CHANGES.md
misc http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/flawed-matrixssl-code-highlights-need-for-better-iot-update-practices/
Last major update 06-01-2017 - 10:24
Published 05-01-2017 - 17:59
Back to Top