CVE-2017-1000415
UnknownEPSS 0.48%
Last modified
CVE-2017-1000415 is a vulnerability of currently unknown severity. MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years.. EPSS estimates a 0.48% chance of exploitation in the next 30 days.
Description
MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Matrixssl | Matrixssl | 3.7.2 |
References
- https://www.ieee-security.org/TC/SP2017/papers/231.pdfThird Party Advisory
- https://www.youtube.com/watch?v=FW--c_F_cY8Third Party Advisory
- https://www.ieee-security.org/TC/SP2017/papers/231.pdfThird Party Advisory
- https://www.youtube.com/watch?v=FW--c_F_cY8Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-1000415?
MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years.
How severe is CVE-2017-1000415?
Severity scoring for CVE-2017-1000415 is pending analysis. The EPSS model estimates a 0.48% probability of exploitation in the next 30 days.
How do I fix CVE-2017-1000415?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2017-1000415?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST