PT-2023-14416 · Matrixssl · Matrixssl
Published
2023-01-09
·
Updated
2023-01-13
·
CVE-2022-43974
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MatrixSSL versions 4.0.4 through 4.5.1
Description
The issue is related to an integer overflow in the
matrixSslDecodeTls13 function. A remote attacker might be able to send a crafted TLS message to cause a buffer overflow, potentially leading to remote code execution.Recommendations
For MatrixSSL versions 4.0.4 through 4.5.1, update to version 4.6.0 to resolve the issue.
Fix
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Matrixssl