Headline
CVE-2022-43974: Buffer Overflow in MatrixSSL
MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0.
Vulnerability Description
A buffer overflow could occur in which an attacker, over a network connection, overwrites data in the RAM of a server running MatrixSSL (TLS Toolkit). Using a specially crafted packet, it is possible to fool the TLS 1.3 ‘change cipher spec’ processing into causing an integer overflow. The problem exists in the implementation of the matrixSslDecodeTls13() function in all MatrixSSL (TLS Toolkit) versions that support TLS 1.3.
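The advisory does not show the affected code. The following is an added example, not MatrixSSL code and not a reconstruction of the actual defect: it shows how unsigned arithmetic on a peer-supplied record length can wrap, next to a bounds-checked routine for skipping TLS 1.3 change_cipher_spec records. The function names `remaining_unchecked` and `skip_ccs_records` and the sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define REC_HDR_LEN  5u   /* type(1) + legacy_version(2) + length(2) */
#define REC_TYPE_CCS 20u  /* change_cipher_spec content type */

/* Unsafe pattern (arithmetic only, no memory access): the length field
 * comes from the peer. If header + rec_len exceeds avail, the unsigned
 * result wraps to a huge "bytes remaining" value. */
uint32_t remaining_unchecked(uint32_t avail, uint16_t rec_len)
{
    return avail - REC_HDR_LEN - rec_len;
}

/* Hardened pattern: skip leading change_cipher_spec records, checking each
 * length against the bytes actually held before doing any arithmetic.
 * Returns 0 with *offset at the first non-CCS record (or end of input),
 * -1 on a truncated or malformed record. */
int skip_ccs_records(const uint8_t *buf, size_t len, size_t *offset)
{
    size_t pos = 0;
    while (pos < len) {
        size_t avail = len - pos;              /* pos < len: cannot wrap */
        if (avail < REC_HDR_LEN)
            return -1;                         /* truncated header */
        if (buf[pos] != REC_TYPE_CCS)
            break;                             /* leave for normal decoding */
        size_t rec_len = ((size_t)buf[pos + 3] << 8) | buf[pos + 4];
        if (rec_len > avail - REC_HDR_LEN)
            return -1;                         /* claims more than we hold */
        /* RFC 8446: the compatibility CCS is the single byte 0x01 */
        if (rec_len != 1 || buf[pos + REC_HDR_LEN] != 0x01)
            return -1;
        pos += REC_HDR_LEN + rec_len;          /* bounded by checks above */
    }
    *offset = pos;
    return 0;
}

int main(void)
{
    /* Constructed input: one CCS record, then a handshake record header. */
    const uint8_t in[] = { 20, 3, 3, 0, 1, 1,  22, 3, 3, 0, 0 };
    size_t off = 0;
    int rc = skip_ccs_records(in, sizeof in, &off);
    printf("rc=%d offset=%zu unchecked=%u\n", rc, off,
           (unsigned)remaining_unchecked(6, 0xffff));
    return 0;
}
```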
Impact
This vulnerability has been demonstrated to be usable for a denial-of-service attack. Additionally, it might be possible for an attacker to exploit this vulnerability to install and execute malicious code.
Patches
A fixed version is available in MatrixSSL 4.6.0.
Workarounds
Disable TLS1.3 support.
Credits
The vulnerability was discovered by Robert Hörr and Alissar Ibrahim, Security Evaluators of the Telekom Security Evaluation Facility.