Date: Wed, 29 Jun 2016 09:08:49 +0200
From: Hanno Böck <>
Subject: Re: CVE request: MatrixSSL lack of RSA-CRT hardening

On Mon, 27 Jun 2016 08:08:14 +0200
Florian Weimer <> wrote:

> (There are some other changes whose description suggests they would
> warrant CVE assignment as well, but I have not looked at those.)

This (from seems notable and probably deserves a CVE:

##Side Channel Vulnerability on RSA Cipher Suites
A Bleichenbacher variant attack, where certain information is leaked
from the results of an RSA private key operation, has been reported by a
security researcher. The code has been updated to error without
providing any information on the premaster contents.

> Note that other side channel attacks may still be possible as
> MatrixSSL non-FIPS crypto is not always constant-time.

This also:
##Access Violation on Malicious TLS Record
TLS cipher suites with CBC mode in TLS 1.1 and 1.2 could have an access
violation (read beyond memory) with a maliciously crafted message.

This is probably the same bug as described here:

OpenSSL is not alone. I found a similar problem in the MatrixSSL
library, see In that
case, unfortunately, a bad patch of Lucky 13 led even to a buffer
overread vulnerability.

Hanno Böck
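To illustrate the "error without providing any information on the premaster contents" fix the changelog refers to, here is an added example (not MatrixSSL code and not part of this thread) that contrasts a leaky PKCS#1 v1.5 premaster unpadding routine with the RFC 5246 section 7.4.7.1 style hardened form; the function names, the 128-byte block size and the sample premaster are constructed for the example.

```python
import hmac
import secrets

PREMASTER_LEN = 48   # TLS premaster secret: 2-byte client_version + 46 random bytes


def leaky_unpad(block: bytes, client_version: bytes) -> bytes:
    """'Before' behaviour: each check fails with its own error, so the peer
    learns which check failed. That observable difference is the oracle a
    Bleichenbacher-style attack measures."""
    if block[:2] != b"\x00\x02":
        raise ValueError("bad PKCS#1 v1.5 header")
    sep = block.find(b"\x00", 2)
    if sep == -1 or sep < 10:
        raise ValueError("padding too short or no separator")
    pms = block[sep + 1:]
    if len(pms) != PREMASTER_LEN:
        raise ValueError("bad premaster length")
    if pms[:2] != client_version:
        raise ValueError("client_version mismatch")
    return pms


def hardened_unpad(block: bytes, client_version: bytes) -> bytes:
    """Hardened behaviour: run every check, fold the results into one flag,
    and on failure return a random premaster so the handshake only fails at
    the Finished message, with no distinguishable error. Python cannot give a
    true constant-time guarantee; the point shown is the single,
    information-free failure path."""
    fallback = secrets.token_bytes(PREMASTER_LEN)
    k = len(block)                  # RSA modulus length: public, not secret
    if k < PREMASTER_LEN + 11:      # too short for 8 padding bytes; public fact
        return fallback
    sep = k - PREMASTER_LEN - 1     # where the 0x00 separator must sit
    bad = block[0] | (block[1] ^ 0x02)   # nonzero unless header is 00 02
    for b in block[2:sep]:
        bad |= int(b == 0)          # a zero inside the padding string is invalid
    bad |= block[sep]               # separator byte must be zero
    candidate = block[sep + 1:]
    bad |= int(not hmac.compare_digest(candidate[:2], client_version))
    # one selection point; which check failed is never exposed to the peer
    return candidate if bad == 0 else fallback
```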

