PT-2019-13692 · Matrixssl · Matrixssl

Published: 2019-07-29 · Updated: 2023-03-03 · CVE-2019-14431

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

MatrixSSL versions 3.8.3 Open through 4.2.1 Open

Description

The issue arises from the DTLS server's mishandling of incoming network messages, leading to a heap-based buffer overflow of up to 256 bytes. This can result in possible Remote Code Execution when processing crafted packets, specifically due to the mishandling of the fragment length value provided in the DTLS message. The problem occurs in the parseSSLHandshake function within sslDecode.c.

Recommendations

For MatrixSSL versions 3.8.3 Open through 4.2.1 Open, consider disabling the parseSSLHandshake function in sslDecode.c as a temporary workaround until a patch is available. Restrict access to DTLS message processing to minimize the risk of exploitation. Avoid using crafted packets that could trigger the buffer overflow until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
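
The description attributes the overflow to a fragment length taken from the DTLS handshake message without adequate checking. As an added illustration (not MatrixSSL code and not a vendor fix), the following shows the consistency checks a DTLS handshake reassembly path needs before copying a fragment, using the RFC 6347 handshake header layout; the function names, the 64-byte reassembly buffer and the sample records are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DTLS_HS_HDR_LEN 12u   /* type(1) length(3) seq(2) frag_off(3) frag_len(3) */

static uint32_t rd24(const uint8_t *p) {          /* 24-bit big-endian read */
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}
static void wr24(uint8_t *p, uint32_t v) {        /* 24-bit big-endian write */
    p[0] = (uint8_t)(v >> 16); p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)v;
}

/* Copy one handshake fragment into a reassembly buffer of reasm_cap bytes.
 * Returns 0 on success, -1 when the header fields are inconsistent. */
int dtls_copy_fragment(const uint8_t *rec, size_t rec_len,
                       uint8_t *reasm, size_t reasm_cap)
{
    if (rec == NULL || reasm == NULL || rec_len < DTLS_HS_HDR_LEN)
        return -1;
    uint32_t msg_len  = rd24(rec + 1);
    uint32_t frag_off = rd24(rec + 6);
    uint32_t frag_len = rd24(rec + 9);

    if (msg_len > reasm_cap)                      /* whole message must fit buffer */
        return -1;
    if (frag_len > rec_len - DTLS_HS_HDR_LEN)     /* claimed bytes must be present */
        return -1;
    if (frag_off > msg_len || frag_len > msg_len - frag_off)
        return -1;                                /* fragment must lie inside msg  */
    memcpy(reasm + frag_off, rec + DTLS_HS_HDR_LEN, frag_len);
    return 0;
}

/* Constructed sample input: build a record with the given header fields and
 * body_bytes of payload, then run the check against a 64-byte buffer. */
int demo_fragment(uint32_t msg_len, uint32_t frag_off, uint32_t frag_len,
                  size_t body_bytes)
{
    uint8_t rec[DTLS_HS_HDR_LEN + 128] = {0}, reasm[64];
    if (body_bytes > 128)
        return -1;
    rec[0] = 1;                                   /* msg_type: client_hello */
    wr24(rec + 1, msg_len);
    wr24(rec + 6, frag_off);
    wr24(rec + 9, frag_len);
    memset(rec + DTLS_HS_HDR_LEN, 0x41, body_bytes);
    return dtls_copy_fragment(rec, DTLS_HS_HDR_LEN + body_bytes, reasm, sizeof reasm);
}
```

The subtraction form `frag_len > msg_len - frag_off` is used instead of `frag_off + frag_len > msg_len` so the comparison cannot wrap.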

Exploit

Improper Handling of Exceptional Conditions

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2019-14431

Affected Products

Matrixssl