Vulnerability Details

MatrixSSL <= 4.2.1 RCE Vulnerability

Published: 2019-08-05 07:31:52
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Detection Type:
Remote Banner Unreliable

Solution Type:
None Available

Summary:
MatrixSSL is prone to a remote code execution vulnerability.

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
The DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message.

Affected Versions:
MatrixSSL version 4.2.1 and prior.

Recommendations:
No known solution is available as of 05th August, 2019. Information regarding this issue will be updated once solution details are available.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2019-14431

References:

https://github.com/matrixssl/matrixssl/issues/30

Search
Severity
High
CVSS Score
10.0

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.