CVE-2017-2782 — MEDIUM (6.5)

Vulnerability Description

An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Matrixssl	Matrixssl	3.8.7b

Related Weaknesses (CWE)

CWE-190

References

http://www.securityfocus.com/bid/99249Third Party AdvisoryVDB Entry
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278ExploitThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/99249Third Party AdvisoryVDB Entry
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2017-2782?

CVE-2017-2782 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, le...

How severe is CVE-2017-2782?

CVE-2017-2782 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-2782?

Check the references section above for vendor advisories and patch information. Affected products include: Matrixssl Matrixssl.