Integer Overflow in matrixSslDecodeTls13: Remote Code Execution Vulnerability

Integer Overflow in matrixSslDecodeTls13: Remote Code Execution Vulnerability

CVE-2022-43974 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0.

Learn more about our Web Application Penetration Testing UK.