Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-1000415

MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years.

Published

2018-01-09T20:29:00.207

Last Modified

2024-11-21T03:04:41.307

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	matrixssl	matrixssl	3.7.2	Yes

References

https://www.ieee-security.org/TC/SP2017/papers/231.pdf Third Party Advisory ([email protected])
https://www.youtube.com/watch?v=FW--c_F_cY8 Third Party Advisory ([email protected])
https://www.ieee-security.org/TC/SP2017/papers/231.pdf Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.youtube.com/watch?v=FW--c_F_cY8 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)