Rambus

rambus

2 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Safezone Basic Crypto Module

safezone_basic_crypto_module

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-24609 2Matrixssl Rambus 2Matrixssl Tls Toolkit Nov 21, 2024 Dec 22, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at...Show more Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate.Show less
CVE-2022-26320 3Canon FujifilmRambus 92Apeos C3070 Firmware Apeos C3070 G FirmwareApeos C325 Dw Firmware+89 more Nov 21, 2024 Mar 14, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many othe...Show more The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2023-24609

2Matrixssl

Rambus

2Matrixssl

Tls Toolkit

Nov 21, 2024

Dec 22, 2023

N/A· v4

7.5 HIGH· v3

N/A· v2

Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate.Show less

CVE-2022-26320

3Canon

FujifilmRambus

92Apeos C3070 Firmware

Apeos C3070 G FirmwareApeos C325 Dw Firmware+89 more

Nov 21, 2024

Mar 14, 2022

N/A· v4

9.1 CRITICAL· v3

6.4 MEDIUM· v2

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate.Show less