MidnightBSD

Advisories for rambus

CVE-2022-26320 MEDIUM

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,

Products Affected

Vendor Product Version
fujifilm docuprint_3205_d_firmware *
fujifilm apeosport-vii_c3373_firmware *
fujifilm apeos_c6580_firmware *
fujifilm apeosport_2560_firmware *
fujifilm apeos_c3570_g_firmware *
fujifilm apeos_c5570_g_firmware *
fujifilm docuprint_3208_d_firmware *
fujifilm apeosport_c3060_firmware *
fujifilm apeosport_c7070_firmware *
fujifilm docuprint_c2555_d_firmware *
fujifilm apeos_c4570_firmware *
fujifilm apeosport_3560_firmware *
fujifilm apeospro_c750_firmware *
rambus safezone_basic_crypto_module *
fujifilm apeos_c4570_g_firmware *
canon imagerunner_firmware *
fujifilm apeosport_c2560_g_firmware *
fujifilm apeosport-vii_5021_firmware *
fujifilm apeos_c3570_firmware *
fujifilm apeosport-vii_c5588_firmware *
fujifilm docucentre-vii_c7773_firmware *
fujifilm apeospro_c810_firmware *
fujifilm apeosport_5570_g_firmware *
fujifilm primelink_c9065_firmware *
fujifilm apeosport_4570_g_firmware *
fujifilm apeosport-vii_c3372_firmware *
fujifilm docucentre-vii_c2273_firmware *
fujifilm apeos_c3070_firmware *
fujifilm apeosport_2560_g_firmware *
fujifilm apeosport_3060_g_firmware *
fujifilm apeosprint_c325_dw_firmware *
fujifilm apeos_c7070_firmware *
fujifilm apeosport_3060_firmware *
fujifilm docucentre-vii_c4473_firmware *
fujifilm apeosport-vii_c4473_firmware *
fujifilm apeos_c8180_firmware *
fujifilm docuprint_3505_d_firmware *
fujifilm apeos_c325_z_firmware *
fujifilm apeosport_c3570_g_firmware *
fujifilm apeospro_c650_firmware *
fujifilm apeos_c7580_firmware *
fujifilm apeosport_c3570_firmware *
fujifilm apeosport_c3070_g_firmware *
fujifilm apeosport_c2560_firmware *
fujifilm docuprint_4405_d_firmware *
fujifilm apeosport-vii_c6773_firmware *
fujifilm apeosport-vii_cp4421_firmware *
fujifilm docucentre-vii_c6688_firmware *
fujifilm apeos_c3070_g_firmware *
fujifilm apeos_c328_df_firmware *
fujifilm apeosport-vii_c2273_firmware *
fujifilm primelink_c9070_firmware *
fujifilm apeosport_c6570_firmware *
fujifilm apeos_c6570_g_firmware *
fujifilm docuprint_4408_d_firmware *
fujifilm docucentre-vii_c3373_firmware *
fujifilm apeosport_c5570_g_firmware *
fujifilm apeosprint_c328_dw_firmware *
fujifilm docucentre-vii_c5573_firmware *
fujifilm docucentre-vii_c3372_firmware *
fujifilm apeos_c6570_firmware *
fujifilm apeosprint_c328_firmware *
fujifilm docuprint_3508_d_firmware *
fujifilm docuprint_c3555_d_firmware *
fujifilm apeosport_c4570_g_firmware *
fujifilm docucentre-vii_c6673_firmware *
fujifilm apeosport-vii_p4021_firmware *
fujifilm apeosport-vii_c7773_firmware *
fujifilm apeosport_c3070_firmware *
fujifilm apeosport-vii_4021_firmware *
fujifilm apeosport_c2060_g_firmware *
fujifilm apeosport_4570_firmware *
fujifilm apeos_c328_dw_firmware *
fujifilm apeosport_c7070_g_firmware *
fujifilm apeosport_5570_firmware *
fujifilm apeosport-vii_c4421_firmware *
fujifilm docucentre-vii_c7788_firmware *
fujifilm apeosport_c4570_firmware *
fujifilm apeos_c5570_firmware *
fujifilm apeosport_c6570_g_firmware *
fujifilm apeosport_print_c5570_firmware *
fujifilm apeosport-vii_c5573_firmware *
fujifilm apeosport_c2060_firmware *
fujifilm docucentre-vii_c5588_firmware *
fujifilm apeosport_3560_g_firmware *
fujifilm apeosport-vii_c7788_firmware *
canon imageprograf_firmware *
fujifilm apeosport_c5570_firmware *
fujifilm apeos_c325_dw_firmware *
fujifilm apeosport-vii_c3321_firmware *
fujifilm apeosport-vii_c6688_firmware *
fujifilm apeos_c7070_g_firmware *
CVE-2023-24609

Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
rambus tls_toolkit -
matrixssl matrixssl *