{"id":62195,"date":"2022-12-19T12:52:56","date_gmt":"2022-12-19T20:52:56","guid":{"rendered":"https:\/\/www.rambus.com\/?page_id=62195"},"modified":"2023-07-07T16:01:18","modified_gmt":"2023-07-07T23:01:18","slug":"rmbs-2022-01","status":"publish","type":"page","link":"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2022-01\/","title":{"rendered":"Buffer Overflow in MatrixSSL (TLS Toolkit)"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"62195\" class=\"elementor elementor-62195\" data-elementor-post-type=\"page\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-a82992d elementor-section-stretched elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"a82992d\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;stretch_section&quot;:&quot;section-stretched&quot;,&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4a1c3ec\" data-id=\"4a1c3ec\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9b0ae4f elementor-widget elementor-widget-breadcrumbs\" data-id=\"9b0ae4f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"breadcrumbs.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<p id=\"breadcrumbs\"><span><span><a href=\"https:\/\/www.rambus.com\/\">Home<\/a><\/span><\/span><\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6d168ab 
elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6d168ab\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5afecdf\" data-id=\"5afecdf\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8cf175a elementor-widget elementor-widget-text-editor\" data-id=\"8cf175a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<table><tbody><tr><td width=\"30%\"><strong>Title<\/strong><\/td><td>Buffer Overflow in MatrixSSL (TLS Toolkit)<\/td><\/tr><tr><td><strong>Rambus Tracking ID<\/strong><\/td><td>RMBS-2022-01<\/td><\/tr><tr><td><strong>CVE (if applicable)<\/strong><\/td><td><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-43974\" target=\"_blank\" rel=\"noopener\">CVE-2022-43974<\/a><\/td><\/tr><tr><td><strong>Publication Date<br \/>(YYYY-MM-DD)<\/strong><\/td><td>2022-12-29<\/td><\/tr><\/tbody><\/table><p><strong>Background<\/strong><br \/>A security vulnerability has been identified in the Rambus TLS Toolkit software and MatrixSSL (TLS Toolkit), formerly from Inside Secure. 
A patch which remediates the vulnerability is available and has been distributed to existing customers that are affected.<\/p><p><strong>Vulnerability<\/strong> <strong>Description<\/strong><br \/>A buffer overflow could occur wherein an attacker could overwrite the data in RAM of a server running MatrixSSL (TLS Toolkit) via a network connection.<\/p><p>Using a specially crafted packet, it is possible to fool the TLS1.3 \u2018change cipher spec\u2019 processing into causing an integer overflow. The problem exists in the implementation of the matrixSslDecodeTls13() function in all MatrixSSL (TLS Toolkit) versions that support TLS1.3.<\/p><p><strong>Severity Level<\/strong><br \/>This is considered a Critical bug.<\/p><p><strong>Impact<\/strong><br \/>An attacker could possibly exploit this vulnerability to install and execute malicious code. This vulnerability could also be used for a denial-of-service attack.<\/p><p><b>Affected Products<\/b><\/p><table width=\"100%\"><tbody><tr><td width=\"35%\"><span style=\"font-weight: bold;\">Product Name<\/span><\/td><td>Versions<\/td><\/tr><tr><td>MatrixSSL (TLS Toolkit)<\/td><td>4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.4.0, 4.5.0, 4.5.1, 4.5.2, 4.5.3 (if TLS1.3 is enabled)<\/td><\/tr><tr><td>SafeZone FIPS140-2 Complete<\/td><td>10.5.0, 10.5.1, 10.5.2, 10.5.3<br \/>if MatrixSSL is used and TLS1.3 is enabled<\/td><\/tr><tr><td>SafeZone FIPS140-3 Complete<\/td><td>10.5.0, 10.5.1, 10.5.2, 10.5.3<br \/>if MatrixSSL is used and TLS1.3 is enabled<\/td><\/tr><tr><td>SafeZone FIPS SW Toolkit<\/td><td>10.3.0, 10.4.0<br \/>if MatrixSSL is used and TLS1.3 is enabled<\/td><\/tr><tr><td>Inside Secure FIPS SW Toolkit<\/td><td>10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.2.2<br \/>if MatrixSSL is used and TLS1.3 is enabled<\/td><\/tr><tr><td>SafeZone FIPS SW Toolkit FIPS_140-3_rc3<\/td><td>10.4.x if MatrixSSL is used and TLS1.3 is enabled<\/td><\/tr><tr><td>TLS FIPS Toolkit<\/td><td>4.3.0, 4.4.0, 4.5.0, 4.5.1, 4.5.2, 4.5.3 (if 
TLS1.3 is enabled)<\/td><\/tr><\/tbody><\/table><p><b>Unaffected Products<\/b><\/p><table style=\"width: 1140px;\" width=\"100%\"><tbody><tr><td width=\"30%\"><span style=\"font-weight: bold;\">Product Name<\/span><\/td><td>Versions<\/td><\/tr><tr><td>MatrixSSL (TLS Toolkit)<\/td><td>3.x and before<\/td><\/tr><tr><td>SafeZone FIPS SW Toolkit<\/td><td>9.x and before<\/td><\/tr><\/tbody><\/table><p><strong>Remediation<\/strong><br \/>Rambus has developed patched versions of MatrixSSL (TLS Toolkit) that address the vulnerability. The patch adds a check to the \u2018change cipher spec\u2019 processing so that the buffer overflow does not happen; instead, the connection is closed.<\/p><p><strong>Action Taken<\/strong><br \/>Rambus is providing an update that fixes security issues in MatrixSSL. As this is a critical issue, Rambus will pre-notify TLS Toolkit customers directly and provide a patch before publishing the MatrixSSL update.<\/p><p>An updated package \u2013 version 4.6.0 \u2013 was released on GitHub on 29th December 2022. 
(<a href=\"https:\/\/github.com\/matrixssl\/matrixssl\">https:\/\/github.com\/matrixssl\/matrixssl<\/a>)<\/p><p>No further information about the issues will be provided.<\/p><p><strong>Acknowledgement<\/strong><br \/>The <a href=\"https:\/\/www.telekom.com\/en\/company\/data-privacy-and-security\/news\/advisories-504842\" target=\"_blank\" rel=\"noopener\">vulnerability<\/a> was found by Robert H\u00f6rr and Alissar Ibrahim, Security Evaluators of the Telekom Security Evaluation Facility.<\/p><p>For any inquiries, please <a href=\"https:\/\/www.rambus.com\/contact\/\">contact<\/a> Rambus.<\/p><p><strong>Revision History<\/strong><\/p><table><tbody><tr><td width=\"85\"><strong>Version<\/strong><\/td><td width=\"240\"><strong>Description<\/strong><\/td><td width=\"156\"><strong>Status<\/strong><\/td><td width=\"143\"><strong>Date (YYYY-MM-DD)<\/strong><\/td><\/tr><tr><td width=\"85\">1.0<\/td><td width=\"240\">Initial Public Release<\/td><td width=\"156\">Completed<\/td><td width=\"143\">2022-12-29<\/td><\/tr><\/tbody><\/table><p><strong>Legal Disclosure<\/strong><br \/>The patch described herein was developed as a workaround\/solution to a recently-identified vulnerability and has received limited testing.\u00a0 Consequently, THIS PATCH IS PROVIDED \u201cAS IS.\u201d RAMBUS MAKES NO WARRANTY NOR PROMISE ABOUT THE OPERATION OR PERFORMANCE OF THIS PATCH, NOR DOES IT WARRANT THAT THIS PATCH IS ERROR FREE. 
\u00a0RAMBUS DISCLAIMS ALL IMPLIED AND STATUTORY WARRANTIES, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Title Buffer Overflow in MatrixSSL (TLS Toolkit) Rambus Tracking ID RMBS-2022-01 CVE (if applicable) CVE-2022-43974 Publication Date(YYYY-MM-DD) 2022-12-29 BackgroundA security vulnerability has been identified in the Rambus TLS Toolkit software and MatrixSSL (TLS Toolkit), formerly from Inside Secure. A patch which remediates the vulnerability is available and has been distributed to existing customers that are [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":0,"parent":62164,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template-full.php","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":"","_links_to":"","_links_to_target":""},"tags":[26324],"class_list":{"0":"post-62195","1":"page","2":"type-page","3":"status-publish","5":"tag-exclude","6":"entry"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.9 (Yoast SEO v26.9) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Buffer Overflow in MatrixSSL (TLS Toolkit) - Rambus<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2022-01\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Buffer Overflow 
in MatrixSSL (TLS Toolkit)\" \/>\n<meta property=\"og:description\" content=\"TitleBuffer Overflow in MatrixSSL (TLS Toolkit)Rambus Tracking IDRMBS-2022-01CVE (if applicable)CVE-2022-43974Publication\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2022-01\/\" \/>\n<meta property=\"og:site_name\" content=\"Rambus\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/RambusInc\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-07T23:01:18+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@rambusinc\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2022-01\/\",\"url\":\"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2022-01\/\",\"name\":\"Buffer Overflow in MatrixSSL (TLS Toolkit) - Rambus\",\"isPartOf\":{\"@id\":\"https:\/\/www.rambus.com\/#website\"},\"datePublished\":\"2022-12-19T20:52:56+00:00\",\"dateModified\":\"2023-07-07T23:01:18+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2022-01\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2022-01\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2022-01\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.rambus.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security IP\",\"item\":\"https:\/\/www.rambus.com\/security\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Security Response 
Center\",\"item\":\"https:\/\/www.rambus.com\/security\/response-center\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Security Advisories\",\"item\":\"https:\/\/www.rambus.com\/security\/response-center\/advisories\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Buffer Overflow in MatrixSSL (TLS Toolkit)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.rambus.com\/#website\",\"url\":\"https:\/\/www.rambus.com\/\",\"name\":\"Rambus\",\"description\":\"At Rambus, we create cutting-edge semiconductor and IP products, providing industry-leading chips and silicon IP to make data faster and safer.\",\"publisher\":{\"@id\":\"https:\/\/www.rambus.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.rambus.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.rambus.com\/#organization\",\"name\":\"Rambus\",\"url\":\"https:\/\/www.rambus.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.rambus.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.rambus.com\/wp-content\/uploads\/2025\/09\/Rambus_Logo.png\",\"contentUrl\":\"https:\/\/www.rambus.com\/wp-content\/uploads\/2025\/09\/Rambus_Logo.png\",\"width\":200,\"height\":62,\"caption\":\"Rambus\"},\"image\":{\"@id\":\"https:\/\/www.rambus.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/RambusInc\",\"https:\/\/x.com\/rambusinc\",\"https:\/\/www.linkedin.com\/company\/rambus\",\"https:\/\/www.youtube.com\/user\/RambusWeb\"],\"description\":\"Rambus is a provider of industry-leading chips and silicon IP.\",\"email\":\"ebiz@rambus.com\",\"telephone\":\"+1-408-462-8000\",\"legalName\":\"Rambus 
Inc.\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"501\",\"maxValue\":\"1000\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Buffer Overflow in MatrixSSL (TLS Toolkit) - Rambus","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2022-01\/","og_locale":"en_US","og_type":"article","og_title":"Buffer Overflow in MatrixSSL (TLS Toolkit)","og_description":"TitleBuffer Overflow in MatrixSSL (TLS Toolkit)Rambus Tracking IDRMBS-2022-01CVE (if applicable)CVE-2022-43974Publication","og_url":"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2022-01\/","og_site_name":"Rambus","article_publisher":"https:\/\/www.facebook.com\/RambusInc","article_modified_time":"2023-07-07T23:01:18+00:00","twitter_card":"summary_large_image","twitter_site":"@rambusinc","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2022-01\/","url":"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2022-01\/","name":"Buffer Overflow in MatrixSSL (TLS Toolkit) - 
Rambus","isPartOf":{"@id":"https:\/\/www.rambus.com\/#website"},"datePublished":"2022-12-19T20:52:56+00:00","dateModified":"2023-07-07T23:01:18+00:00","breadcrumb":{"@id":"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2022-01\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2022-01\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.rambus.com\/security\/response-center\/advisories\/rmbs-2022-01\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.rambus.com\/"},{"@type":"ListItem","position":2,"name":"Security IP","item":"https:\/\/www.rambus.com\/security\/"},{"@type":"ListItem","position":3,"name":"Security Response Center","item":"https:\/\/www.rambus.com\/security\/response-center\/"},{"@type":"ListItem","position":4,"name":"Security Advisories","item":"https:\/\/www.rambus.com\/security\/response-center\/advisories\/"},{"@type":"ListItem","position":5,"name":"Buffer Overflow in MatrixSSL (TLS Toolkit)"}]},{"@type":"WebSite","@id":"https:\/\/www.rambus.com\/#website","url":"https:\/\/www.rambus.com\/","name":"Rambus","description":"At Rambus, we create cutting-edge semiconductor and IP products, providing industry-leading chips and silicon IP to make data faster and 
safer.","publisher":{"@id":"https:\/\/www.rambus.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.rambus.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.rambus.com\/#organization","name":"Rambus","url":"https:\/\/www.rambus.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rambus.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.rambus.com\/wp-content\/uploads\/2025\/09\/Rambus_Logo.png","contentUrl":"https:\/\/www.rambus.com\/wp-content\/uploads\/2025\/09\/Rambus_Logo.png","width":200,"height":62,"caption":"Rambus"},"image":{"@id":"https:\/\/www.rambus.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/RambusInc","https:\/\/x.com\/rambusinc","https:\/\/www.linkedin.com\/company\/rambus","https:\/\/www.youtube.com\/user\/RambusWeb"],"description":"Rambus is a provider of industry-leading chips and silicon IP.","email":"ebiz@rambus.com","telephone":"+1-408-462-8000","legalName":"Rambus 
Inc.","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"501","maxValue":"1000"}}]}},"_links":{"self":[{"href":"https:\/\/www.rambus.com\/wp-json\/wp\/v2\/pages\/62195","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rambus.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.rambus.com\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.rambus.com\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rambus.com\/wp-json\/wp\/v2\/comments?post=62195"}],"version-history":[{"count":0,"href":"https:\/\/www.rambus.com\/wp-json\/wp\/v2\/pages\/62195\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.rambus.com\/wp-json\/wp\/v2\/pages\/62164"}],"wp:attachment":[{"href":"https:\/\/www.rambus.com\/wp-json\/wp\/v2\/media?parent=62195"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rambus.com\/wp-json\/wp\/v2\/tags?post=62195"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}