CVE-2019-16747

Опубликовано: 30 дек. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431.

Ссылки

https://github.com/matrixssl/matrixssl/blob/4-2-2-open/doc/CHANGES_v4.x.md
Release Notes
Third Party Advisory
https://github.com/matrixssl/matrixssl/issues/33
Exploit
Third Party Advisory
https://github.com/matrixssl/matrixssl/releases/tag/4-2-2-open
Third Party Advisory
https://github.com/matrixssl/matrixssl/blob/4-2-2-open/doc/CHANGES_v4.x.md
Release Notes
Third Party Advisory
https://github.com/matrixssl/matrixssl/issues/33
Exploit
Third Party Advisory
https://github.com/matrixssl/matrixssl/releases/tag/4-2-2-open
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:matrixssl:matrixssl:*:*:*:*:*:*:*:*

Версия до 4.2.2 (исключая)

EPSS

Процентиль: 61%

0.00408

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2019-16747

CVSS3: 7.5

ubuntu

около 5 лет назад

CVE-2019-16747

CVSS3: 7.5

debian

около 5 лет назад

In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an inval ...

GHSA-g7fc-v5jh-qw54

github

больше 3 лет назад

EPSS

Процентиль: 61%

0.00408

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-787