MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates.
The product does not validate, or incorrectly validates, a certificate.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Matrixssl | Matrixssl | 3.7.2 (including) | 3.7.2 (including) |
Matrixssl | Ubuntu | trusty | * |
Matrixssl | Ubuntu | upstream | * |