Home > Vulnerability Database > CVE-2022-43974

Mend.io Vulnerability Database

CVE-2022-43974

Good to know:

Date: January 9, 2023

MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0.

Language: C

Severity Score

9.8

Related Resources (5)

Url: https://github.com/matrixssl/matrixssl/security/advisories/GHSA-fmwc-gwc5-2g29

Url: https://www.telekom.com/en/company/data-privacy-and-security/news/advisories-504842

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-43974

Url: https://github.com/matrixssl/matrixssl/blob/4-6-0-open/doc/CHANGES_v4.x.md

Url: https://www.mend.io/vulnerability-database/CVE-2022-43974

Severity Score

9.8

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Top Fix

Upgrade Version

Upgrade to version 4-6-0-open

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-43974

Good to know:

Date: January 9, 2023

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?