CVE-2016-8671

Published: Jan 13, 2017Modified: May 13, 2026

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887.

Affected (1)

Products: Matrixssl: Matrixssl

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Matrixssl Matrixssl	Up to 3.8.6

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://www.openwall.com/lists/oss-security/2016/10/15/2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/10/15/8

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/95439

Source: cve@mitre.org

https://blog.fuzzing-project.org/54-Update-on-MatrixSSL-miscalculation-CVE-2016-8671%2C-incomplete-fix-for-CVE-2016-6887.html

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/10/15/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/10/15/8

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/95439

Source: af854a3a-2127-422b-91ae-364da2661108

https://blog.fuzzing-project.org/54-Update-on-MatrixSSL-miscalculation-CVE-2016-8671%2C-incomplete-fix-for-CVE-2016-6887.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.