MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates.
References
Link | Resource |
---|---|
https://github.com/matrixssl/matrixssl/blob/master/doc/CHANGES.md | Release Notes |
https://www.ieee-security.org/TC/SP2017/papers/231.pdf | Technical Description Third Party Advisory |
https://www.youtube.com/watch?v=FW--c_F_cY8 | Third Party Advisory |
https://github.com/matrixssl/matrixssl/blob/master/doc/CHANGES.md | Release Notes |
https://www.ieee-security.org/TC/SP2017/papers/231.pdf | Technical Description Third Party Advisory |
https://www.youtube.com/watch?v=FW--c_F_cY8 | Third Party Advisory |
Configurations
History
21 Nov 2024, 03:04
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/matrixssl/matrixssl/blob/master/doc/CHANGES.md - Release Notes | |
References | () https://www.ieee-security.org/TC/SP2017/papers/231.pdf - Technical Description, Third Party Advisory | |
References | () https://www.youtube.com/watch?v=FW--c_F_cY8 - Third Party Advisory |
Information
Published : 2018-01-22 23:29
Updated : 2024-11-21 03:04
NVD link : CVE-2017-1000417
Mitre link : CVE-2017-1000417
CVE.ORG link : CVE-2017-1000417
JSON object : View
Products Affected
matrixssl
- matrixssl
CWE
CWE-295
Improper Certificate Validation