CVE-2019-14431

EUVD-2019-5630
In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
matrixsslmatrixssl
3.8.2 ≤
𝑥
≤ 4.2.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
matrixssl
bionic
dne
disco
dne
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://github.com/matrixssl/matrixssl/issues/30
https://github.com/matrixssl/matrixssl/issues/30