CVE-2022-46505

An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/SmallTown123/details-for-CVE-2022-46505	Exploit Third Party Advisory
https://smalltown123.notion.site/MatrixSSL-session-resume-bug-a0	Permissions Required Vendor Advisory
https://github.com/SmallTown123/details-for-CVE-2022-46505	Exploit Third Party Advisory
https://smalltown123.notion.site/MatrixSSL-session-resume-bug-a0	Permissions Required Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:matrixssl:matrixssl:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-01-18 16:15

Updated : 2025-04-04 17:15

NVD link : CVE-2022-46505

Mitre link : CVE-2022-46505

CVE.ORG link : CVE-2022-46505

JSON object : View

Products Affected

matrixssl

matrixssl

CWE

CWE-665

Improper Initialization

{"id": "CVE-2022-46505", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-01-18T16:15:11.320", "references": [{"url": "https://github.com/SmallTown123/details-for-CVE-2022-46505", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://smalltown123.notion.site/MatrixSSL-session-resume-bug-a0", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/SmallTown123/details-for-CVE-2022-46505", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://smalltown123.notion.site/MatrixSSL-session-resume-bug-a0", "tags": ["Permissions Required", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-665"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-665"}]}], "descriptions": [{"lang": "en", "value": "An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data."}, {"lang": "es", "value": "Un problema en MatrixSSL 4.5.1-open y versiones anteriores provoca que no se pueda verificar de forma segura el campo SessionID, lo que resulta en el uso indebido de un MasterSecret completamente cero que puede descifrar datos secretos."}], "lastModified": "2025-04-04T17:15:47.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:matrixssl:matrixssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D077B93-95F0-4952-B97A-B62348C6DC04", "versionEndIncluding": "4.5.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}