CVE-2017-1000415

Published: Jan 9, 2018Modified: Nov 21, 2024

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years.

Affected (1)

Products: Matrixssl: Matrixssl

Matrixssl

1 product

Matrixssl

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Matrixssl Matrixssl	Version 3.7.2

Related CWEs

CWE-295

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (4)

https://www.ieee-security.org/TC/SP2017/papers/231.pdf

Source: cve@mitre.org

Third Party Advisory

https://www.youtube.com/watch?v=FW--c_F_cY8

Source: cve@mitre.org

Third Party Advisory

https://www.ieee-security.org/TC/SP2017/papers/231.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.youtube.com/watch?v=FW--c_F_cY8

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.