These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2016-8671 is a MatrixSSL vulnerability in the pstm_exptmod modular exponentiation function affecting MatrixSSL 3.8.6 and earlier. According to the CVE record, the bug could let remote attackers predict secret key material through unspecified vectors. The issue was described as the result of an incomplete fix for CVE-2016-6887, so organizations that patched only the earlier problem should verify they a [truncated]
CVE-2016-6887 is a MatrixSSL cryptographic weakness published on 2017-01-13. According to the NVD record, MatrixSSL 3.8.6 and earlier are affected by an incorrect modular exponentiation implementation in pstm_exptmod, which could allow a remote attacker to predict a secret key via a CRT attack. The issue is network-reachable, confidentiality-impacting, and has no integrity or availability impact listed in [truncated]
CVE-2016-6886 affects MatrixSSL before 3.8.4 and can let a remote attacker trigger a crash during RSA key exchange. The issue is an invalid memory read in pstm_reverse, reached with a zero value or the key's modulus for the secret key. NVD rates the impact as high availability loss, and the vendor reference points to MatrixSSL 3.8.4 as the fix.
CVE-2016-6885 is a denial-of-service flaw in MatrixSSL before 3.8.4. According to the NVD record, the pstm_exptmod function can hit an invalid free and crash when modular exponentiation is given a base zero value. The result is an availability impact only, but it is remotely reachable and rated HIGH in the NVD entry.