Vulnerability Name: | CVE-2016-6890 (CCN-117705) | ||||||||||||
Assigned: | 2016-10-11 | ||||||||||||
Published: | 2016-10-11 | ||||||||||||
Updated: | 2017-01-06 | ||||||||||||
Summary: | Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote attackers to execute arbitrary code via a crafted Subject Alt Name in an X.509 certificate. | ||||||||||||
CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||
Vulnerability Type: | CWE-119 | ||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2016-6890 Source: CCN Type: US-CERT VU#396440 MatrixSSL contains multiple vulnerabilities Source: CCN Type: MatrixSSL Web Site MatrixSSL 3.8.6 Source: BID Type: Third Party Advisory, VDB Entry 93498 Source: MISC Type: Technical Description, Third Party Advisory http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/flawed-matrixssl-code-highlights-need-for-better-iot-update-practices/ Source: XF Type: UNKNOWN matrixssl-cve20166890-bo(117705) Source: CONFIRM Type: Patch, Release Notes, Third Party Advisory https://github.com/matrixssl/matrixssl/blob/3-8-6-open/CHANGES.md Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#396440 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
Oval Definitions | |||||||||||||
| |||||||||||||
BACK |