CVE-2019-14431

In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message.
References
Link Resource
https://github.com/matrixssl/matrixssl/issues/30 Exploit Issue Tracking Third Party Advisory
https://github.com/matrixssl/matrixssl/issues/30 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:matrixssl:matrixssl:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:26

Type Values Removed Values Added
References () https://github.com/matrixssl/matrixssl/issues/30 - Exploit, Issue Tracking, Third Party Advisory () https://github.com/matrixssl/matrixssl/issues/30 - Exploit, Issue Tracking, Third Party Advisory

03 Mar 2023, 02:46

Type Values Removed Values Added
References (MISC) https://github.com/matrixssl/matrixssl/issues/30 - Exploit, Third Party Advisory (MISC) https://github.com/matrixssl/matrixssl/issues/30 - Exploit, Issue Tracking, Third Party Advisory

Information

Published : 2019-07-29 22:15

Updated : 2024-11-21 04:26


NVD link : CVE-2019-14431

Mitre link : CVE-2019-14431

CVE.ORG link : CVE-2019-14431


JSON object : View

Products Affected

matrixssl

  • matrixssl
CWE
CWE-755

Improper Handling of Exceptional Conditions

CWE-787

Out-of-bounds Write