CVE-2016-6887

Published: Jan 13, 2017Modified: May 13, 2026

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack.

Affected (1)

Products: Matrixssl: Matrixssl

Matrixssl

1 product

Matrixssl

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Matrixssl Matrixssl	Up to 3.8.6

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.matrixssl.org/blog/releases/matrixssl_3_8_4

Source: cve@mitre.org

PatchVendor Advisory

https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html

Source: cve@mitre.org

Third Party Advisory

http://www.matrixssl.org/blog/releases/matrixssl_3_8_4

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.