Vulnerability Description
MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Matrixssl | Matrixssl | >= 4.0.0, < 4.6.0 |
Related Weaknesses (CWE)
References
- https://github.com/matrixssl/matrixssl/blob/4-6-0-open/doc/CHANGES_v4.x.md (Release Notes, Third Party Advisory)
- https://github.com/matrixssl/matrixssl/security/advisories/GHSA-fmwc-gwc5-2g29 (Third Party Advisory)
- https://www.telekom.com/en/company/data-privacy-and-security/news/advisories-504 (Vendor Advisory)
FAQ
What is CVE-2022-43974?
CVE-2022-43974 is a vulnerability with a CVSS score of 8.1 (HIGH). MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code executio...
How severe is CVE-2022-43974?
CVE-2022-43974 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-43974?
Check the references section above for vendor advisories and patch information. Affected products include: Matrixssl Matrixssl.