CVE-2019-10914
NONE EPSS 69.8%
Published Apr 8, 20197y ago · Modified Jun 17, 20262w ago
Published Apr 8, 2019 7y ago
Last Modified Jun 17, 2026 2w ago
Description
pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c.
Threat Intelligence
EPSS Exploit Probability
69.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 2
CWE-295
CWE-787 Out-of-bounds Write Memory Safety
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| matrixssl | matrixssl | * | ≤4.0.2 |
References 4
- bugs.chromium.org https://bugs.chromium.org/p/project-zero/issues/detail?id=1785
- github.com https://github.com/matrixssl/matrixssl/issues/26
- github.com https://github.com/matrixssl/matrixssl/releases/tag/4-0-2-open
- openwall.com https://www.openwall.com/lists/oss-security/2019/02/15/1
Remediation
- bugs.chromium.org https://bugs.chromium.org/p/project-zero/issues/detail?id=1785
- github.com https://github.com/matrixssl/matrixssl/issues/26