PT-2019-12087 · Insidesecure · Matrixssl

Tavis Ormandy · Published 2019-04-08 · Updated 2020-08-24 · CVE-2019-10914

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: MatrixSSL version 4.0.1

Description: The issue is related to a stack-based buffer overflow that occurs during X.509 certificate verification. This happens due to missing validation in the psRsaDecryptPubExt function, located in crypto/pubkey/rsa_pub.c, which is part of the MatrixSSL library used in Inside Secure TLS Toolkit.

Recommendations: For MatrixSSL version 4.0.1, consider applying validation to the psRsaDecryptPubExt function to prevent the stack-based buffer overflow. As a temporary workaround, restrict the use of the pubRsaDecryptSignedElementExt function until a patch is available.

Fix

Memory Corruption

Improper Certificate Validation

Weakness Enumeration

Related identifiers

CVE-2019-10914

Affected products

Matrixssl