MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates.
References
Link | Resource |
---|---|
https://github.com/matrixssl/matrixssl/blob/master/doc/CHANGES.md | Release Notes |
https://www.ieee-security.org/TC/SP2017/papers/231.pdf | Technical Description Third Party Advisory |
https://www.youtube.com/watch?v=FW--c_F_cY8 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2018-01-22 23:29
Updated : 2024-02-28 16:25
NVD link : CVE-2017-1000417
Mitre link : CVE-2017-1000417
CVE.ORG link : CVE-2017-1000417
JSON object : View
Products Affected
matrixssl
- matrixssl
CWE
CWE-295
Improper Certificate Validation