Date: Mon, 27 Jun 2016 08:08:14 +0200 From: Florian Weimer <fw@...eb.enyo.de> To: cve-assign@...re.org Cc: oss-security@...ts.openwall.com Subject: CVE request: MatrixSSL lack of RSA-CRT hardening MatrixSSL 3.8.3 comes with this fix: <https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#validation-of-rsa-signature-creation> I think this warrants a CVE ID because RSA-CRT key leaks from MatrixSSL have been observed in practice. (I'm not sure if the contributing factor was a bug in the MatrixSSL bignum routines, or defective hardware.) (There are some other changes whose description suggests they would warrant CVE assignment as well, but I have not looked at those.)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ