Vulnerability Description
In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Matrixssl | Matrixssl | < 4.2.2 |
Related Weaknesses (CWE)
References
- https://github.com/matrixssl/matrixssl/blob/4-2-2-open/doc/CHANGES_v4.x.md (Release Notes, Third Party Advisory)
- https://github.com/matrixssl/matrixssl/issues/33 (Exploit, Third Party Advisory)
- https://github.com/matrixssl/matrixssl/releases/tag/4-2-2-open (Third Party Advisory)
FAQ
What is CVE-2019-16747?
CVE-2019-16747 is a vulnerability with a CVSS score of 7.5 (HIGH). In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerabilit...
How severe is CVE-2019-16747?
CVE-2019-16747 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-16747?
Check the references section above for vendor advisories and patch information. Affected products include: Matrixssl Matrixssl.