CVE-2017-1000417

NONE EPSS 47.0%
Published Jan 22, 20188y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jan 22, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates.

Threat Intelligence

EPSS Exploit Probability
47.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-295

Affected Products 1

VendorProductVersionRange
matrixsslmatrixssl3.7.2any

References 3

  • github.com https://github.com/matrixssl/matrixssl/blob/master/doc/CHANGES.md
    Release Notes
  • ieee-security.org https://www.ieee-security.org/TC/SP2017/papers/231.pdf
    Technical DescriptionThird Party Advisory
  • youtube.com https://www.youtube.com/watch?v=FW--c_F_cY8
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.