
Buffer Overflow in MatrixSSL

Critical
matrixssl-admin published GHSA-fmwc-gwc5-2g29 Jan 2, 2023

Package

No package listed

Affected versions

< 4.6.0

Patched versions

4.6.0

Description

Vulnerability Description

A buffer overflow could occur in which an attacker could, via a network connection, overwrite data in the RAM of a server running MatrixSSL (TLS Toolkit). Using a specially crafted packet, it is possible to fool the TLS1.3 ‘change cipher spec’ processing into causing an integer overflow. The problem exists in the implementation of the matrixSslDecodeTls13() function in all MatrixSSL (TLS Toolkit) versions that support TLS1.3.

Impact

This vulnerability has been demonstrated to be usable for a denial-of-service attack. Additionally, it might be possible for an attacker to exploit this vulnerability to install and execute malicious code.

Patches

The fixed version can be found in MatrixSSL 4.6.0.

Workarounds

Disable TLS1.3 support.

Credits

The vulnerability was discovered by Robert Hörr and Alissar Ibrahim, Security Evaluators of the Telekom Security Evaluation Facility.

Severity

Critical 9.8 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE ID

CVE-2022-43974

Weaknesses