In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message.
References
Link | Resource |
---|---|
https://github.com/matrixssl/matrixssl/issues/30 | Exploit Issue Tracking Third Party Advisory |
https://github.com/matrixssl/matrixssl/issues/30 | Exploit Issue Tracking Third Party Advisory |
Configurations
History
21 Nov 2024, 04:26
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/matrixssl/matrixssl/issues/30 - Exploit, Issue Tracking, Third Party Advisory |
03 Mar 2023, 02:46
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/matrixssl/matrixssl/issues/30 - Exploit, Issue Tracking, Third Party Advisory |
Information
Published : 2019-07-29 22:15
Updated : 2024-11-21 04:26
NVD link : CVE-2019-14431
Mitre link : CVE-2019-14431
CVE.ORG link : CVE-2019-14431
JSON object : View
Products Affected
matrixssl
- matrixssl