Sign-up

ID

VAR-201706-0487


CVE

CVE-2017-2782


TITLE

InsideSecure MatrixSSL Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-005022

DESCRIPTION

An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection. InsideSecure MatrixSSL Contains an integer overflow vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Inside Secure MatrixSSL is an IoT application toolkit from the French company Inside Secure, which can implement TLS and DTLS in a modular way. MatrixSSL is prone to multiple buffer-overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. MatrixSSL 3.8.7b is vulnerable; other versions may also be affected

Trust: 2.97

sources: NVD: CVE-2017-2782 // JVNDB: JVNDB-2017-005022 // CNVD: CNVD-2017-15854 // CNNVD: CNNVD-201706-979 // BID: 99249

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-15854

AFFECTED PRODUCTS

vendor:matrixsslmodel:matrixsslscope:eqversion:3.8.7b

Trust: 2.4

vendor:insidemodel:secure matrixssl 3.8.7bscope: - version: -

Trust: 0.6

vendor:matrixsslmodel:3.8.7bscope: - version: -

Trust: 0.3

sources: CNVD: CNVD-2017-15854 // BID: 99249 // JVNDB: JVNDB-2017-005022 // CNNVD: CNNVD-201706-979 // NVD: CVE-2017-2782

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2782
value: CRITICAL

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2782
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-2782
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-15854
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201706-979
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2017-2782
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-15854
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-2782
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.8

talos-cna@cisco.com: CVE-2017-2782
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 4.2
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2017-15854 // JVNDB: JVNDB-2017-005022 // CNNVD: CNNVD-201706-979 // NVD: CVE-2017-2782 // NVD: CVE-2017-2782

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.8

sources: JVNDB: JVNDB-2017-005022 // NVD: CVE-2017-2782

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-979

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201706-979

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-005022

PATCH
title:GUARD TLS-TK, a compact TLS/DTLS stack for embedded securityurl:https://www.insidesecure.com/Products/Data-Communication/Secure-Communication-Toolkits/GUARD-TLS-TK
Trust: 0.8
title:Patch for Inside Secure MatrixSSL integer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/98514
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-15854 // 
            
            
            
            JVNDB: JVNDB-2017-005022

EXTERNAL IDS
db:NVDid:CVE-2017-2782
Trust: 3.3
db:TALOSid:TALOS-2017-0278
Trust: 3.3
db:BIDid:99249
Trust: 2.5
db:JVNDBid:JVNDB-2017-005022
Trust: 0.8
db:CNVDid:CNVD-2017-15854
Trust: 0.6
db:CNNVDid:CNNVD-201706-979
Trust: 0.6
db:TALOSid:TALOS-2017-0277
Trust: 0.3
db:TALOSid:TALOS-2017-0276
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-15854 // 
            
            
            
            BID: 99249 // 
            
            
            
            JVNDB: JVNDB-2017-005022 // 
            
            
            
            CNNVD: CNNVD-201706-979 // 
            
            
            
            NVD: CVE-2017-2782

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0278
Trust: 3.3
url:http://www.securityfocus.com/bid/99249
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2782
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2782
Trust: 0.8
url:http://www.matrixssl.org/index.html
Trust: 0.3
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0277
Trust: 0.3
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0276
Trust: 0.3
url:http://blog.talosintelligence.com/2017/06/matrixssl-multiple-vulns.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-15854 // 
            
            
            
            BID: 99249 // 
            
            
            
            JVNDB: JVNDB-2017-005022 // 
            
            
            
            CNNVD: CNNVD-201706-979 // 
            
            
            
            NVD: CVE-2017-2782

CREDITS
Aleksandar Nikolic of Cisco Talos.
Trust: 0.3
sources:
            
            
            BID: 99249

SOURCES
db:CNVDid:CNVD-2017-15854
db:BIDid:99249
db:JVNDBid:JVNDB-2017-005022
db:CNNVDid:CNNVD-201706-979
db:NVDid:CVE-2017-2782

LAST UPDATE DATE
2024-11-23T21:40:58.256000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-15854date:2017-07-21T00:00:00
db:BIDid:99249date:2017-06-22T00:00:00
db:JVNDBid:JVNDB-2017-005022date:2017-07-13T00:00:00
db:CNNVDid:CNNVD-201706-979date:2022-04-20T00:00:00
db:NVDid:CVE-2017-2782date:2024-11-21T03:24:08.583

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-15854date:2017-07-21T00:00:00
db:BIDid:99249date:2017-06-22T00:00:00
db:JVNDBid:JVNDB-2017-005022date:2017-07-13T00:00:00
db:CNNVDid:CNNVD-201706-979date:2017-06-23T00:00:00
db:NVDid:CVE-2017-2782date:2017-06-22T21:29:00.277