MatrixSSL, version 3.8.5 and earlier, contains heap overflow, out-of-bounds read, and free-of-unallocated-memory vulnerabilities.
CWE-122: Heap-based Buffer Overflow - CVE-2016-6890
The Subject Alt Name field of X.509 certificates is not properly parsed. A specially crafted certificate may result in a heap-based buffer overflow and arbitrary code execution.
By causing a server to parse a specially crafted X.509 certificate, a remote, unauthenticated attacker may be able to create a denial of service condition or execute arbitrary code in the context of the SSL stack.
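As an added illustration of what "properly parsed" requires for a DER-encoded Subject Alt Name, the following is a bounds-checked walk over a GeneralNames SEQUENCE; it is not MatrixSSL code and does not reproduce the actual defect, whose details this note does not give. The `der_read_tlv` and `san_count_dns_names` functions and the sample byte strings are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical bounds-checked DER TLV reader (added illustration, not MatrixSSL code).
 * Reads the tag and length at *pos and advances past the header. Returns 0 on
 * success, -1 if the header or the declared content would run past `end`. */
static int der_read_tlv(const uint8_t **pos, const uint8_t *end,
                        uint8_t *tag, size_t *len)
{
    const uint8_t *p = *pos;
    if (end - p < 2) return -1;
    *tag = p[0];
    size_t n = p[1];
    p += 2;
    if (n & 0x80) {                       /* long-form length: 1..4 length bytes */
        size_t nbytes = n & 0x7f;
        if (nbytes == 0 || nbytes > 4 || (size_t)(end - p) < nbytes) return -1;
        for (n = 0; nbytes > 0; nbytes--) n = (n << 8) | *p++;
    }
    if ((size_t)(end - p) < n) return -1; /* declared length exceeds the buffer */
    *pos = p;
    *len = n;
    return 0;
}

/* Walk a SubjectAltName GeneralNames SEQUENCE and count dNSName ([2]) entries.
 * Returns the count, or -1 if any element is malformed or overruns its parent.
 * Every length is checked against the enclosing element before it is consumed,
 * which is the check a heap overflow in a DER parser typically lacks. */
int san_count_dns_names(const uint8_t *der, size_t der_len)
{
    const uint8_t *p = der, *end = der + der_len;
    uint8_t tag; size_t len;
    if (der_read_tlv(&p, end, &tag, &len) != 0 || tag != 0x30) return -1;
    const uint8_t *seq_end = p + len;     /* inner names must stay inside the SEQUENCE */
    int count = 0;
    while (p < seq_end) {
        if (der_read_tlv(&p, seq_end, &tag, &len) != 0) return -1;
        if (tag == 0x82) count++;         /* context tag [2] IMPLICIT IA5String */
        p += len;                         /* safe: len was checked against seq_end */
    }
    return count;
}

/* Constructed sample SANs (not taken from any real certificate). */
static const uint8_t san_ok[] = { 0x30, 0x16, 0x82, 0x0b, 'e','x','a','m','p','l','e','.','c','o','m',
                                  0x82, 0x07, 'e','x','a','m','p','l','e' };
/* Same bytes, but the second name now claims 0x40 content bytes that are not there. */
static const uint8_t san_bad[] = { 0x30, 0x16, 0x82, 0x0b, 'e','x','a','m','p','l','e','.','c','o','m',
                                   0x82, 0x40, 'e','x','a','m','p','l','e' };
```

`san_ok` yields two dNSName entries; `san_bad` is rejected at the second element instead of being read past the end of the buffer.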
Apply an update
Thanks to Craig Young of Tripwire for reporting these vulnerabilities.