Main Vulnerability Database Vulnerabilities #VU7198

Information disclosure in MatrixSSL - CVE-2017-2782

Published: June 26, 2017

Vulnerability identifier: #VU7198

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-2782

CWE-ID: CWE-190

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: InsideSecure

Affected software:
MatrixSSL

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL due to length counter overflow. A remote attacker can supply a specially crafted x509 certificate when initiating secure connection, perform out of bounds copy operation, trigger memory leak and read arbitrary files.

Successful exploitation of the vulnerability results in information disclosure.

How to mitigate CVE-2017-2782

Update to version 3.9.3.

Sources

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0278

Information disclosure in MatrixSSL - CVE-2017-2782

Detailed vulnerability description

How to mitigate CVE-2017-2782

Sources

Please verify you're human