Cyber Resilience

CVE-2022-43974

High

Published: 09 January 2023

Published
09 January 2023
Modified
06 March 2025
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1279 94.2th percentile
Risk Priority 24 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-43974 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Matrixssl Matrixssl. Its CVSS base score is 8.1 (High).

Operationally, ranked in the top 5.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

MatrixSSL versions 4.0.4 through 4.5.1 contain an integer overflow vulnerability (CWE-190) in the matrixSslDecodeTls13 function. The flaw resides in the library's TLS 1.3 message processing and can result in a buffer overflow when handling specially constructed input. The affected component is the open-source MatrixSSL cryptographic library used for TLS and DTLS implementations.

A remote attacker can exploit the issue by sending a crafted TLS message over the network. Successful exploitation may allow arbitrary code execution with impacts on confidentiality, integrity, and availability, although the CVSS vector indicates the attack requires high complexity and no privileges or user interaction.

The vulnerability is fixed in MatrixSSL 4.6.0 according to the project's changelog and the GitHub Security Advisory GHSA-fmwc-gwc5-2g29. Additional vendor guidance, including notices from Deutsche Telekom, recommends upgrading to the patched release to eliminate the integer overflow condition.

The associated EPSS score rose from lower values to a peak of 0.1885, indicating emerging exploitation interest after public disclosure.

EU & UK References

Vulnerability details

MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

matrixssl
matrixssl
4.0.0 — 4.6.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References