CVE-2022-43974

moderate-risk
Published 2023-01-09

MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0.

Do I need to act?

!
15.3% chance of exploitation in next 30 days
EPSS score — higher than 85% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / HIGH complexity

Affected Products (1)

Affected Vendors

Matrixssl

References (6)

Release Notes https://github.com/matrixssl/matrixssl/blob/4-6-0-open/doc/CHANGES_v4.x.md
Third Party Advisory https://github.com/matrixssl/matrixssl/security/advisories/GHSA-fmwc-gwc5-2g29
Vendor Advisory https://www.telekom.com/en/company/data-privacy-and-security/news/advisories-504...
Release Notes https://github.com/matrixssl/matrixssl/blob/4-6-0-open/doc/CHANGES_v4.x.md
Third Party Advisory https://github.com/matrixssl/matrixssl/security/advisories/GHSA-fmwc-gwc5-2g29
Vendor Advisory https://www.telekom.com/en/company/data-privacy-and-security/news/advisories-504...
42
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 13/34 · Low
Exposure 5/34 · Minimal