Skip to content

MatrixSSL 4.0.2 Open

Compare
Choose a tag to compare
@matrixssl-admin matrixssl-admin released this 21 Feb 10:48
· 10 commits to master since this release

This version fixes a critical vulnerability in RSA signature verification. A maliciously crafted certificate can be used to trigger a stack buffer overflow, allowing potential remote code execution attacks. The vulnerability only affects version 4.0.1 and the standard Matrix Crypto provider. Other providers, such as the FIPS crypto provider, are not affected by the bug. Thanks to Tavis Ormandy for reporting this.