cvelistv5 - cve-2017-2782

CVE-2017-2782 (GCVE-0-2017-2782)

Vulnerability from cvelistv5 – Published: 2017-06-22 21:00 – Updated: 2024-08-05 14:02

Summary

Severity ?

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE

Assigner

talos

References

URL

Tags

	http://www.securityfocus.com/bid/99249	vdb-entryx_refsource_BID
	https://talosintelligence.com/vulnerability_repor…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:02:07.763Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99249",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99249"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T18:22:03",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "99249",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99249"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2017-2782",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection"
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99249",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99249"
            },
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2017-2782",
    "datePublished": "2017-06-22T21:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T14:02:07.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matrixssl:matrixssl:3.8.7b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A99DF17-92D2-4887-BBDF-A26BC7DF07C2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad de an\\u00e1lisis sint\\u00e1ctico de certificados X509 de InsideSecure MatrixSSL 3.8.7b. Un certificado x509 especialmente manipulado puede hacer que se desborde un contador de longitud, lo que desemboca en una operaci\\u00f3n controlada de copia fuera de l\\u00edmites. Para desencadenar esta vulnerabilidad, un certificado x509 especialmente manipulado debe presentarse al cliente o aplicaci\\u00f3n del servidor vulnerable al iniciar la conexi\\u00f3n segura.\"}]",
      "id": "CVE-2017-2782",
      "lastModified": "2024-11-21T03:24:08.583",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"talos-cna@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 4.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:P\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-06-22T21:29:00.277",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/99249\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/99249\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "talos-cna@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-2782\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2017-06-22T21:29:00.277\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad de an\u00e1lisis sint\u00e1ctico de certificados X509 de InsideSecure MatrixSSL 3.8.7b. Un certificado x509 especialmente manipulado puede hacer que se desborde un contador de longitud, lo que desemboca en una operaci\u00f3n controlada de copia fuera de l\u00edmites. Para desencadenar esta vulnerabilidad, un certificado x509 especialmente manipulado debe presentarse al cliente o aplicaci\u00f3n del servidor vulnerable al iniciar la conexi\u00f3n segura.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matrixssl:matrixssl:3.8.7b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A99DF17-92D2-4887-BBDF-A26BC7DF07C2\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/99249\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/99249\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CNVD-2017-15854

Vulnerability from cnvd - Published: 2017-07-21

Title

Inside Secure MatrixSSL整数溢出漏洞

Description

Inside Secure MatrixSSL是法国Inside Secure公司的一个IoT应用工具包，它能够模块化的实现TLS和DTLS。 Inside Secure MatrixSSL 3.8.7b版本中的X509证书解析功能存在整数溢出漏洞。攻击者可借助特制的x509证书利用该漏洞造成越边界memcpy调用。

Severity

中

Patch Name

Inside Secure MatrixSSL整数溢出漏洞的补丁

Patch Description

Formal description

用户可联系供应商获得补丁信息： http://www.matrixssl.org/

Reference

https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278

Impacted products

Name
INSIDE Secure MatrixSSL 3.8.7b

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99249"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2782"
    }
  },
  "description": "Inside Secure MatrixSSL\u662f\u6cd5\u56fdInside Secure\u516c\u53f8\u7684\u4e00\u4e2aIoT\u5e94\u7528\u5de5\u5177\u5305\uff0c\u5b83\u80fd\u591f\u6a21\u5757\u5316\u7684\u5b9e\u73b0TLS\u548cDTLS\u3002\r\n\r\nInside Secure MatrixSSL 3.8.7b\u7248\u672c\u4e2d\u7684X509\u8bc1\u4e66\u89e3\u6790\u529f\u80fd\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684x509\u8bc1\u4e66\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u8d8a\u8fb9\u754cmemcpy\u8c03\u7528\u3002",
  "discovererName": "Aleksandar Nikolic of Cisco Talos",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.matrixssl.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-15854",
  "openTime": "2017-07-21",
  "patchDescription": "Inside Secure MatrixSSL\u662f\u6cd5\u56fdInside Secure\u516c\u53f8\u7684\u4e00\u4e2aIoT\u5e94\u7528\u5de5\u5177\u5305\uff0c\u5b83\u80fd\u591f\u6a21\u5757\u5316\u7684\u5b9e\u73b0TLS\u548cDTLS\u3002\r\n\r\nInside Secure MatrixSSL 3.8.7b\u7248\u672c\u4e2d\u7684X509\u8bc1\u4e66\u89e3\u6790\u529f\u80fd\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684x509\u8bc1\u4e66\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u8d8a\u8fb9\u754cmemcpy\u8c03\u7528\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Inside Secure MatrixSSL\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "INSIDE Secure MatrixSSL 3.8.7b"
  },
  "referenceLink": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278",
  "serverity": "\u4e2d",
  "submitTime": "2017-06-26",
  "title": "Inside Secure MatrixSSL\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e"
}

GHSA-GV8R-M42C-756R

Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01

Details

Severity ?

9.1 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2782"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-22T21:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection",
  "id": "GHSA-gv8r-m42c-756r",
  "modified": "2022-05-13T01:01:28Z",
  "published": "2022-05-13T01:01:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2782"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99249"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201706-0487

Vulnerability from variot - Updated: 2023-12-18 12:29

An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection. InsideSecure MatrixSSL Contains an integer overflow vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Inside Secure MatrixSSL is an IoT application toolkit from the French company Inside Secure, which can implement TLS and DTLS in a modular way. MatrixSSL is prone to multiple buffer-overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. MatrixSSL 3.8.7b is vulnerable; other versions may also be affected

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0487",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "matrixssl",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "matrixssl",
        "version": "3.8.7b"
      },
      {
        "model": "secure matrixssl 3.8.7b",
        "scope": null,
        "trust": 0.6,
        "vendor": "inside",
        "version": null
      },
      {
        "model": "3.8.7b",
        "scope": null,
        "trust": 0.3,
        "vendor": "matrixssl",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-15854"
      },
      {
        "db": "BID",
        "id": "99249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005022"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2782"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-979"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:matrixssl:matrixssl:3.8.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2782"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Aleksandar Nikolic of Cisco Talos.",
    "sources": [
      {
        "db": "BID",
        "id": "99249"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-2782",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-2782",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-15854",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "talos-cna@cisco.com",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.2,
            "impactScore": 4.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-2782",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-2782",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "talos-cna@cisco.com",
            "id": "CVE-2017-2782",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-15854",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-979",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-15854"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005022"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2782"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2782"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-979"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection. InsideSecure MatrixSSL Contains an integer overflow vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Inside Secure MatrixSSL is an IoT application toolkit from the French company Inside Secure, which can implement TLS and DTLS in a modular way. MatrixSSL is prone to multiple buffer-overflow vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. \nMatrixSSL 3.8.7b is vulnerable; other versions may also be affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2782"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005022"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-15854"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-979"
      },
      {
        "db": "BID",
        "id": "99249"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2782",
        "trust": 3.3
      },
      {
        "db": "TALOS",
        "id": "TALOS-2017-0278",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "99249",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005022",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-15854",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-979",
        "trust": 0.6
      },
      {
        "db": "TALOS",
        "id": "TALOS-2017-0277",
        "trust": 0.3
      },
      {
        "db": "TALOS",
        "id": "TALOS-2017-0276",
        "trust": 0.3
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-15854"
      },
      {
        "db": "BID",
        "id": "99249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005022"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2782"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-979"
      }
    ]
  },
  "id": "VAR-201706-0487",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-15854"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-15854"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:29:34.948000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "GUARD TLS-TK, a compact TLS/DTLS stack for embedded security",
        "trust": 0.8,
        "url": "https://www.insidesecure.com/products/data-communication/secure-communication-toolkits/guard-tls-tk"
      },
      {
        "title": "Patch for Inside Secure MatrixSSL integer overflow vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/98514"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-15854"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005022"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-190",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005022"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2782"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0278"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/99249"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2782"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2782"
      },
      {
        "trust": 0.3,
        "url": "http://www.matrixssl.org/index.html"
      },
      {
        "trust": 0.3,
        "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0277"
      },
      {
        "trust": 0.3,
        "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0276"
      },
      {
        "trust": 0.3,
        "url": "http://blog.talosintelligence.com/2017/06/matrixssl-multiple-vulns.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-15854"
      },
      {
        "db": "BID",
        "id": "99249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005022"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2782"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-979"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-15854"
      },
      {
        "db": "BID",
        "id": "99249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005022"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2782"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-979"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-15854"
      },
      {
        "date": "2017-06-22T00:00:00",
        "db": "BID",
        "id": "99249"
      },
      {
        "date": "2017-07-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005022"
      },
      {
        "date": "2017-06-22T21:29:00.277000",
        "db": "NVD",
        "id": "CVE-2017-2782"
      },
      {
        "date": "2017-06-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-979"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-15854"
      },
      {
        "date": "2017-06-22T00:00:00",
        "db": "BID",
        "id": "99249"
      },
      {
        "date": "2017-07-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005022"
      },
      {
        "date": "2022-04-19T19:15:20.273000",
        "db": "NVD",
        "id": "CVE-2017-2782"
      },
      {
        "date": "2022-04-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-979"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-979"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "InsideSecure MatrixSSL Integer overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005022"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-979"
      }
    ],
    "trust": 0.6
  }
}

GSD-2017-2782

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-2782

Aliases

CVE-2017-2782

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2782",
    "description": "An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection",
    "id": "GSD-2017-2782"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2782"
      ],
      "details": "An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection",
      "id": "GSD-2017-2782",
      "modified": "2023-12-13T01:21:05.389308Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "talos-cna@cisco.com",
        "ID": "CVE-2017-2782",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection"
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": 6.5,
          "baseSeverity": "Medium",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "99249",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99249"
          },
          {
            "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278",
            "refsource": "MISC",
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:matrixssl:matrixssl:3.8.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2017-2782"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-190"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278"
            },
            {
              "name": "99249",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99249"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2022-04-19T19:15Z",
      "publishedDate": "2017-06-22T21:29Z"
    }
  }
}

FKIE_CVE-2017-2782

Vulnerability from fkie_nvd - Published: 2017-06-22 21:29 - Updated: 2025-04-20 01:37

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Summary

References

URL	Tags
talos-cna@cisco.com	http://www.securityfocus.com/bid/99249	Third Party Advisory, VDB Entry
talos-cna@cisco.com	https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99249	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278	Exploit, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	matrixssl	matrixssl	3.8.7b

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:matrixssl:matrixssl:3.8.7b:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A99DF17-92D2-4887-BBDF-A26BC7DF07C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection"
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad de an\u00e1lisis sint\u00e1ctico de certificados X509 de InsideSecure MatrixSSL 3.8.7b. Un certificado x509 especialmente manipulado puede hacer que se desborde un contador de longitud, lo que desemboca en una operaci\u00f3n controlada de copia fuera de l\u00edmites. Para desencadenar esta vulnerabilidad, un certificado x509 especialmente manipulado debe presentarse al cliente o aplicaci\u00f3n del servidor vulnerable al iniciar la conexi\u00f3n segura."
    }
  ],
  "id": "CVE-2017-2782",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.2,
        "source": "talos-cna@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-22T21:29:00.277",
  "references": [
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99249"
    },
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99249"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278"
    }
  ],
  "sourceIdentifier": "talos-cna@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-2782 (GCVE-0-2017-2782)

CNVD-2017-15854

GHSA-GV8R-M42C-756R

VAR-201706-0487

GSD-2017-2782

FKIE_CVE-2017-2782

Tags

Sightings

Nomenclature