All the vulnerabilities related to polarssl - polarssl
cve-2012-2130
Vulnerability from cvelistv5
Published
2019-12-06 17:13
Modified
2024-08-06 19:26
Severity ?
Summary
A security bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to weak key generation: an error in these versions weakens the Diffie-Hellman values and RSA keys they generate.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:08.407Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2012-2130"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2130"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-2130"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201310-10.xml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53610"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75726"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "polarssl",
          "vendor": "polarssl",
          "versions": [
            {
              "status": "affected",
              "version": "0.99pre4 through 1.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "weak key generation in 0.99pre4 throught to 1.1.1",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-06T17:13:26",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2012-2130"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2130"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-2130"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201310-10.xml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/53610"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75726"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2130",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "polarssl",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "0.99pre4 through 1.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "polarssl"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "weak key generation in 0.99pre4 throught to 1.1.1"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2012-2130",
              "refsource": "MISC",
              "url": "https://security-tracker.debian.org/tracker/CVE-2012-2130"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2130",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2130"
            },
            {
              "name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-2130",
              "refsource": "MISC",
              "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-2130"
            },
            {
              "name": "http://security.gentoo.org/glsa/glsa-201310-10.xml",
              "refsource": "MISC",
              "url": "http://security.gentoo.org/glsa/glsa-201310-10.xml"
            },
            {
              "name": "http://www.securityfocus.com/bid/53610",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/53610"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75726",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75726"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2130",
    "datePublished": "2019-12-06T17:13:26",
    "dateReserved": "2012-04-04T00:00:00",
    "dateUpdated": "2024-08-06T19:26:08.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1923
Vulnerability from cvelistv5
Published
2012-06-20 17:00
Modified
2024-08-06 22:46
Severity ?
Summary
The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:46:00.304Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://polarssl.org/trac/wiki/SecurityAdvisory201101"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.nessus.org/plugins/index.php?view=single\u0026id=53360"
          },
          {
            "name": "46670",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46670"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-24T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://polarssl.org/trac/wiki/SecurityAdvisory201101"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.nessus.org/plugins/index.php?view=single\u0026id=53360"
        },
        {
          "name": "46670",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46670"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1923",
    "datePublished": "2012-06-20T17:00:00",
    "dateReserved": "2011-05-09T00:00:00",
    "dateUpdated": "2024-08-06T22:46:00.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-9744
Vulnerability from cvelistv5
Published
2015-08-24 15:00
Modified
2024-09-16 18:33
Severity ?
Summary
Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:55:04.893Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:1457",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages.  NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-08-24T15:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:1457",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9744",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages.  NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:1457",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html"
            },
            {
              "name": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released",
              "refsource": "CONFIRM",
              "url": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9744",
    "datePublished": "2015-08-24T15:00:00Z",
    "dateReserved": "2015-08-24T00:00:00Z",
    "dateUpdated": "2024-09-16T18:33:17.615Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-8036
Vulnerability from cvelistv5
Published
2015-11-02 19:00
Modified
2024-08-06 08:06
Severity ?
Summary
Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:31.616Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3468",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3468"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/"
          },
          {
            "name": "FEDORA-2015-30a417bea9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01"
          },
          {
            "name": "openSUSE-SU-2016:1928",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00009.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session.  NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-02T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3468",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3468"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/"
        },
        {
          "name": "FEDORA-2015-30a417bea9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01"
        },
        {
          "name": "openSUSE-SU-2016:1928",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00009.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8036",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session.  NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3468",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3468"
            },
            {
              "name": "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf",
              "refsource": "MISC",
              "url": "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf"
            },
            {
              "name": "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/",
              "refsource": "MISC",
              "url": "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/"
            },
            {
              "name": "FEDORA-2015-30a417bea9",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html"
            },
            {
              "name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01",
              "refsource": "CONFIRM",
              "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01"
            },
            {
              "name": "openSUSE-SU-2016:1928",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00009.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8036",
    "datePublished": "2015-11-02T19:00:00",
    "dateReserved": "2015-11-02T00:00:00",
    "dateUpdated": "2024-08-06T08:06:31.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-5291
Vulnerability from cvelistv5
Published
2015-11-02 19:00
Modified
2024-08-06 06:41
Severity ?
Summary
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:09.530Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3468",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3468"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/"
          },
          {
            "name": "FEDORA-2015-30a417bea9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html"
          },
          {
            "name": "FEDORA-2015-e22bb33731",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html"
          },
          {
            "name": "FEDORA-2015-7f939b3af5",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01"
          },
          {
            "name": "openSUSE-SU-2015:2257",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html"
          },
          {
            "name": "GLSA-201706-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201706-18"
          },
          {
            "name": "openSUSE-SU-2015:2371",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message.  NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-30T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-3468",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3468"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/"
        },
        {
          "name": "FEDORA-2015-30a417bea9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html"
        },
        {
          "name": "FEDORA-2015-e22bb33731",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html"
        },
        {
          "name": "FEDORA-2015-7f939b3af5",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01"
        },
        {
          "name": "openSUSE-SU-2015:2257",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html"
        },
        {
          "name": "GLSA-201706-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201706-18"
        },
        {
          "name": "openSUSE-SU-2015:2371",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5291",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message.  NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3468",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3468"
            },
            {
              "name": "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf",
              "refsource": "MISC",
              "url": "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf"
            },
            {
              "name": "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/",
              "refsource": "MISC",
              "url": "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/"
            },
            {
              "name": "FEDORA-2015-30a417bea9",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html"
            },
            {
              "name": "FEDORA-2015-e22bb33731",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html"
            },
            {
              "name": "FEDORA-2015-7f939b3af5",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html"
            },
            {
              "name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01",
              "refsource": "CONFIRM",
              "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01"
            },
            {
              "name": "openSUSE-SU-2015:2257",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html"
            },
            {
              "name": "GLSA-201706-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201706-18"
            },
            {
              "name": "openSUSE-SU-2015:2371",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5291",
    "datePublished": "2015-11-02T19:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:09.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1621
Vulnerability from cvelistv5
Published
2013-02-08 19:00
Modified
2024-08-06 15:04
Severity ?
Summary
Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:04:49.556Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
          },
          {
            "name": "DSA-2622",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2622"
          },
          {
            "name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/02/05/24"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-03-08T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
        },
        {
          "name": "DSA-2622",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2622"
        },
        {
          "name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/02/05/24"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-1621",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf",
              "refsource": "MISC",
              "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
            },
            {
              "name": "DSA-2622",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2622"
            },
            {
              "name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2013/02/05/24"
            },
            {
              "name": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released",
              "refsource": "CONFIRM",
              "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-1621",
    "datePublished": "2013-02-08T19:00:00",
    "dateReserved": "2013-02-05T00:00:00",
    "dateUpdated": "2024-08-06T15:04:49.556Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8627
Vulnerability from cvelistv5
Published
2014-11-24 15:00
Modified
2024-08-06 13:26
Severity ?
Summary
PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:26:02.135Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:1457",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released"
          },
          {
            "name": "61220",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61220"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:15:35",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:1457",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released"
        },
        {
          "name": "61220",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61220"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "ID": "CVE-2014-8627",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:1457",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html"
            },
            {
              "name": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released",
              "refsource": "CONFIRM",
              "url": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released"
            },
            {
              "name": "61220",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61220"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2014-8627",
    "datePublished": "2014-11-24T15:00:00",
    "dateReserved": "2014-11-06T00:00:00",
    "dateUpdated": "2024-08-06T13:26:02.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4574
Vulnerability from cvelistv5
Published
2021-10-27 00:52
Modified
2024-08-07 00:09
Severity ?
Summary
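PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results. On such hosts the generator's timing input, and therefore its output, may be predictable; the record classifies the issue as CWE-338 (use of a cryptographically weak PRNG). The record's affected-version field reads "PolarSSL 1.1.0" while this description says "prior to v1.1", so confirm the exact range against the linked PolarSSL security advisory 2011-02.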


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:09:19.410Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PolarSSL",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "PolarSSL 1.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor\u0027s high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-338",
              "description": "CWE-338",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-27T00:52:57",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-4574",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PolarSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "PolarSSL 1.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor\u0027s high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-338"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02",
              "refsource": "MISC",
              "url": "https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4574",
    "datePublished": "2021-10-27T00:52:57",
    "dateReserved": "2011-11-29T00:00:00",
    "dateUpdated": "2024-08-07T00:09:19.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5914
Vulnerability from cvelistv5
Published
2013-10-26 17:00
Modified
2024-09-16 16:38
Severity ?
Summary
Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:29:41.713Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04"
          },
          {
            "name": "DSA-2782",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2782"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-26T17:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04"
        },
        {
          "name": "DSA-2782",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2782"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5914",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04",
              "refsource": "CONFIRM",
              "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04"
            },
            {
              "name": "DSA-2782",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2782"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-5914",
    "datePublished": "2013-10-26T17:00:00Z",
    "dateReserved": "2013-09-19T00:00:00Z",
    "dateUpdated": "2024-09-16T16:38:29.592Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8628
Vulnerability from cvelistv5
Published
2015-08-24 15:00
Modified
2024-08-06 13:26
Severity ?
Summary
Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:26:02.261Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:1457",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html"
          },
          {
            "name": "DSA-3116",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3116"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates.  NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:15:37",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:1457",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html"
        },
        {
          "name": "DSA-3116",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3116"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "ID": "CVE-2014-8628",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates.  NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:1457",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html"
            },
            {
              "name": "DSA-3116",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3116"
            },
            {
              "name": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released",
              "refsource": "CONFIRM",
              "url": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released"
            },
            {
              "name": "https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released",
              "refsource": "CONFIRM",
              "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2014-8628",
    "datePublished": "2015-08-24T15:00:00",
    "dateReserved": "2014-11-06T00:00:00",
    "dateUpdated": "2024-08-06T13:26:02.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-4911
Vulnerability from cvelistv5
Published
2014-07-22 14:00
Modified
2024-08-06 11:27
Severity ?
Summary
The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:27:37.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02"
          },
          {
            "name": "DSA-2981",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2981"
          },
          {
            "name": "60215",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60215"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-07-23T12:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02"
        },
        {
          "name": "DSA-2981",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2981"
        },
        {
          "name": "60215",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60215"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-4911",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02",
              "refsource": "CONFIRM",
              "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02"
            },
            {
              "name": "DSA-2981",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2981"
            },
            {
              "name": "60215",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60215"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-4911",
    "datePublished": "2014-07-22T14:00:00",
    "dateReserved": "2014-07-11T00:00:00",
    "dateUpdated": "2024-08-06T11:27:37.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5915
Vulnerability from cvelistv5
Published
2013-10-04 17:00
Modified
2024-08-06 17:29
Severity ?
Summary
The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:29:42.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "55084",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55084"
          },
          {
            "name": "FEDORA-2013-18228",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119014.html"
          },
          {
            "name": "62771",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62771"
          },
          {
            "name": "98049",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/98049"
          },
          {
            "name": "DSA-2782",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2782"
          },
          {
            "name": "FEDORA-2013-18251",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119018.html"
          },
          {
            "name": "FEDORA-2013-18216",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/118758.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-24T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "55084",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55084"
        },
        {
          "name": "FEDORA-2013-18228",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119014.html"
        },
        {
          "name": "62771",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62771"
        },
        {
          "name": "98049",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/98049"
        },
        {
          "name": "DSA-2782",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2782"
        },
        {
          "name": "FEDORA-2013-18251",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119018.html"
        },
        {
          "name": "FEDORA-2013-18216",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/118758.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5915",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "55084",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55084"
            },
            {
              "name": "FEDORA-2013-18228",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119014.html"
            },
            {
              "name": "62771",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62771"
            },
            {
              "name": "98049",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/98049"
            },
            {
              "name": "DSA-2782",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2782"
            },
            {
              "name": "FEDORA-2013-18251",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119018.html"
            },
            {
              "name": "FEDORA-2013-18216",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/118758.html"
            },
            {
              "name": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05",
              "refsource": "CONFIRM",
              "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-5915",
    "datePublished": "2013-10-04T17:00:00",
    "dateReserved": "2013-09-19T00:00:00",
    "dateUpdated": "2024-08-06T17:29:42.703Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4623
Vulnerability from cvelistv5
Published
2013-09-30 20:00
Modified
2024-08-06 16:52
Severity ?
Summary
The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:52:26.950Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2013-16258",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116351.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-03"
          },
          {
            "name": "FEDORA-2013-16317",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115922.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=997767"
          },
          {
            "name": "FEDORA-2013-16356",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115927.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/polarssl/polarssl/commit/1922a4e6aade7b1d685af19d4d9339ddb5c02859"
          },
          {
            "name": "DSA-2782",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2782"
          },
          {
            "name": "61764",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/61764"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-06-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-30T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FEDORA-2013-16258",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116351.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-03"
        },
        {
          "name": "FEDORA-2013-16317",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115922.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=997767"
        },
        {
          "name": "FEDORA-2013-16356",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115927.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/polarssl/polarssl/commit/1922a4e6aade7b1d685af19d4d9339ddb5c02859"
        },
        {
          "name": "DSA-2782",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2782"
        },
        {
          "name": "61764",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/61764"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-4623",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2013-16258",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116351.html"
            },
            {
              "name": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-03",
              "refsource": "CONFIRM",
              "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-03"
            },
            {
              "name": "FEDORA-2013-16317",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115922.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=997767",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=997767"
            },
            {
              "name": "FEDORA-2013-16356",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115927.html"
            },
            {
              "name": "https://github.com/polarssl/polarssl/commit/1922a4e6aade7b1d685af19d4d9339ddb5c02859",
              "refsource": "CONFIRM",
              "url": "https://github.com/polarssl/polarssl/commit/1922a4e6aade7b1d685af19d4d9339ddb5c02859"
            },
            {
              "name": "DSA-2782",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2782"
            },
            {
              "name": "61764",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/61764"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-4623",
    "datePublished": "2013-09-30T20:00:00",
    "dateReserved": "2013-06-19T00:00:00",
    "dateUpdated": "2024-08-06T16:52:26.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-0169
Vulnerability from cvelistv5
Published
2013-02-08 19:00
Modified
2024-08-06 14:18
Severity ?
Summary
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
References
https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html — mailing-list, x_refsource_MLIST
http://www.matrixssl.org/news.html — x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-0587.html — vendor-advisory, x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-201406-32.xml — vendor-advisory, x_refsource_GENTOO
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html — vendor-advisory, x_refsource_FEDORA
http://www.us-cert.gov/cas/techalerts/TA13-051A.html — third-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016 — vdb-entry, signature, x_refsource_OVAL
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095 — vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/55139 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/55322 — third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608 — vdb-entry, signature, x_refsource_OVAL
http://www.openssl.org/news/secadv_20130204.txt — x_refsource_CONFIRM
http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/ — x_refsource_MISC
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084 — x_refsource_CONFIRM
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf — x_refsource_MISC
http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html — x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html — vendor-advisory, x_refsource_SUSE
http://www.debian.org/security/2013/dsa-2622 — vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/bid/57778 — vdb-entry, x_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg21644047 — x_refsource_CONFIRM
http://openwall.com/lists/oss-security/2013/02/05/24 — mailing-list, x_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2013-1455.html — vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/55351 — third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=136396549913849&w=2 — vendor-advisory, x_refsource_HP
https://puppet.com/security/cve/cve-2013-0169 — x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=137545771702053&w=2 — vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html — vendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=136432043316835&w=2 — vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html — vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2013-0833.html — vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-1735-1 — vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html — vendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=136439120408139&w=2 — vendor-advisory, x_refsource_HP
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001 — x_refsource_CONFIRM
http://secunia.com/advisories/53623 — third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html — vendor-advisory, x_refsource_SUSE
http://www.kb.cert.org/vuls/id/737740 — third-party-advisory, x_refsource_CERT-VN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424 — vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=bugtraq&m=137545771702053&w=2 — vendor-advisory, x_refsource_HP
http://www.debian.org/security/2013/dsa-2621 — vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2013-0783.html — vendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=136733161405818&w=2 — vendor-advisory, x_refsource_HP
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html — vendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/55108 — third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2013-0782.html — vendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=136432043316835&w=2 — vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=136439120408139&w=2 — vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=136396549913849&w=2 — vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html — vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html — vendor-advisory, x_refsource_SUSE
https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released — x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540 — vdb-entry, signature, x_refsource_OVAL
http://www.securitytracker.com/id/1029190 — vdb-entry, x_refsource_SECTRACK
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841 — vdb-entry, signature, x_refsource_OVAL
http://www.splunk.com/view/SP-CAAAHXG — x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-1456.html — vendor-advisory, x_refsource_REDHAT
http://support.apple.com/kb/HT5880 — x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=136733161405818&w=2 — vendor-advisory, x_refsource_HP
http://secunia.com/advisories/55350 — third-party-advisory, x_refsource_SECUNIA
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf — x_refsource_CONFIRM
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.matrixssl.org/news.html"
          },
          {
            "name": "RHSA-2013:0587",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "FEDORA-2013-4403",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
          },
          {
            "name": "TA13-051A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:19016",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"
          },
          {
            "name": "MDVSA-2013:095",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
          },
          {
            "name": "55139",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55139"
          },
          {
            "name": "55322",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55322"
          },
          {
            "name": "oval:org.mitre.oval:def:19608",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20130204.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"
          },
          {
            "name": "openSUSE-SU-2013:0378",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"
          },
          {
            "name": "DSA-2622",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2622"
          },
          {
            "name": "57778",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/57778"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
          },
          {
            "name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/02/05/24"
          },
          {
            "name": "RHSA-2013:1455",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
          },
          {
            "name": "55351",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55351"
          },
          {
            "name": "HPSBUX02856",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/cve-2013-0169"
          },
          {
            "name": "SSRT101289",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "name": "SSRT101108",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
          },
          {
            "name": "SUSE-SU-2013:0328",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"
          },
          {
            "name": "RHSA-2013:0833",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
          },
          {
            "name": "USN-1735-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1735-1"
          },
          {
            "name": "SUSE-SU-2014:0320",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
          },
          {
            "name": "HPSBUX02857",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
          },
          {
            "name": "53623",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53623"
          },
          {
            "name": "SUSE-SU-2013:0701",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"
          },
          {
            "name": "VU#737740",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/737740"
          },
          {
            "name": "oval:org.mitre.oval:def:19424",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"
          },
          {
            "name": "HPSBUX02909",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
          },
          {
            "name": "DSA-2621",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2621"
          },
          {
            "name": "RHSA-2013:0783",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
          },
          {
            "name": "HPSBMU02874",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
          },
          {
            "name": "APPLE-SA-2013-09-12-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
          },
          {
            "name": "55108",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55108"
          },
          {
            "name": "RHSA-2013:0782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
          },
          {
            "name": "HPSBOV02852",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
          },
          {
            "name": "SSRT101103",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
          },
          {
            "name": "SSRT101104",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "name": "openSUSE-SU-2013:0375",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
          },
          {
            "name": "oval:org.mitre.oval:def:19540",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"
          },
          {
            "name": "1029190",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029190"
          },
          {
            "name": "oval:org.mitre.oval:def:18841",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAHXG"
          },
          {
            "name": "RHSA-2013:1456",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5880"
          },
          {
            "name": "SSRT101184",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
          },
          {
            "name": "55350",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55350"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-09T12:06:03",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.matrixssl.org/news.html"
        },
        {
          "name": "RHSA-2013:0587",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "FEDORA-2013-4403",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
        },
        {
          "name": "TA13-051A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:19016",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"
        },
        {
          "name": "MDVSA-2013:095",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
        },
        {
          "name": "55139",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55139"
        },
        {
          "name": "55322",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55322"
        },
        {
          "name": "oval:org.mitre.oval:def:19608",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20130204.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"
        },
        {
          "name": "openSUSE-SU-2013:0378",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"
        },
        {
          "name": "DSA-2622",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2622"
        },
        {
          "name": "57778",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/57778"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
        },
        {
          "name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/02/05/24"
        },
        {
          "name": "RHSA-2013:1455",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
        },
        {
          "name": "55351",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55351"
        },
        {
          "name": "HPSBUX02856",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://puppet.com/security/cve/cve-2013-0169"
        },
        {
          "name": "SSRT101289",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "name": "SSRT101108",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
        },
        {
          "name": "SUSE-SU-2013:0328",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"
        },
        {
          "name": "RHSA-2013:0833",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
        },
        {
          "name": "USN-1735-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1735-1"
        },
        {
          "name": "SUSE-SU-2014:0320",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
        },
        {
          "name": "HPSBUX02857",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
        },
        {
          "name": "53623",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53623"
        },
        {
          "name": "SUSE-SU-2013:0701",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"
        },
        {
          "name": "VU#737740",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/737740"
        },
        {
          "name": "oval:org.mitre.oval:def:19424",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"
        },
        {
          "name": "HPSBUX02909",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
        },
        {
          "name": "DSA-2621",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2621"
        },
        {
          "name": "RHSA-2013:0783",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
        },
        {
          "name": "HPSBMU02874",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
        },
        {
          "name": "APPLE-SA-2013-09-12-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
        },
        {
          "name": "55108",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55108"
        },
        {
          "name": "RHSA-2013:0782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
        },
        {
          "name": "HPSBOV02852",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
        },
        {
          "name": "SSRT101103",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
        },
        {
          "name": "SSRT101104",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "name": "openSUSE-SU-2013:0375",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
        },
        {
          "name": "oval:org.mitre.oval:def:19540",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"
        },
        {
          "name": "1029190",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029190"
        },
        {
          "name": "oval:org.mitre.oval:def:18841",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.splunk.com/view/SP-CAAAHXG"
        },
        {
          "name": "RHSA-2013:1456",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5880"
        },
        {
          "name": "SSRT101184",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
        },
        {
          "name": "55350",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55350"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-0169",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
            },
            {
              "name": "http://www.matrixssl.org/news.html",
              "refsource": "CONFIRM",
              "url": "http://www.matrixssl.org/news.html"
            },
            {
              "name": "RHSA-2013:0587",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "FEDORA-2013-4403",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
            },
            {
              "name": "TA13-051A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:19016",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"
            },
            {
              "name": "MDVSA-2013:095",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
            },
            {
              "name": "55139",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55139"
            },
            {
              "name": "55322",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55322"
            },
            {
              "name": "oval:org.mitre.oval:def:19608",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20130204.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20130204.txt"
            },
            {
              "name": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/",
              "refsource": "MISC",
              "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"
            },
            {
              "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084",
              "refsource": "CONFIRM",
              "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"
            },
            {
              "name": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf",
              "refsource": "MISC",
              "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"
            },
            {
              "name": "openSUSE-SU-2013:0378",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"
            },
            {
              "name": "DSA-2622",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2622"
            },
            {
              "name": "57778",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/57778"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
            },
            {
              "name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2013/02/05/24"
            },
            {
              "name": "RHSA-2013:1455",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
            },
            {
              "name": "55351",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55351"
            },
            {
              "name": "HPSBUX02856",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
            },
            {
              "name": "https://puppet.com/security/cve/cve-2013-0169",
              "refsource": "CONFIRM",
              "url": "https://puppet.com/security/cve/cve-2013-0169"
            },
            {
              "name": "SSRT101289",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "SSRT101108",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
            },
            {
              "name": "SUSE-SU-2013:0328",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"
            },
            {
              "name": "RHSA-2013:0833",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
            },
            {
              "name": "USN-1735-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1735-1"
            },
            {
              "name": "SUSE-SU-2014:0320",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
            },
            {
              "name": "HPSBUX02857",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
            },
            {
              "name": "53623",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/53623"
            },
            {
              "name": "SUSE-SU-2013:0701",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"
            },
            {
              "name": "VU#737740",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/737740"
            },
            {
              "name": "oval:org.mitre.oval:def:19424",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"
            },
            {
              "name": "HPSBUX02909",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
            },
            {
              "name": "DSA-2621",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2621"
            },
            {
              "name": "RHSA-2013:0783",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
            },
            {
              "name": "HPSBMU02874",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
            },
            {
              "name": "APPLE-SA-2013-09-12-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
            },
            {
              "name": "55108",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55108"
            },
            {
              "name": "RHSA-2013:0782",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
            },
            {
              "name": "HPSBOV02852",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
            },
            {
              "name": "SSRT101103",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
            },
            {
              "name": "SSRT101104",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
            },
            {
              "name": "SUSE-SU-2015:0578",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
            },
            {
              "name": "openSUSE-SU-2013:0375",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"
            },
            {
              "name": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released",
              "refsource": "CONFIRM",
              "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
            },
            {
              "name": "oval:org.mitre.oval:def:19540",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"
            },
            {
              "name": "1029190",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029190"
            },
            {
              "name": "oval:org.mitre.oval:def:18841",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"
            },
            {
              "name": "http://www.splunk.com/view/SP-CAAAHXG",
              "refsource": "CONFIRM",
              "url": "http://www.splunk.com/view/SP-CAAAHXG"
            },
            {
              "name": "RHSA-2013:1456",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
            },
            {
              "name": "http://support.apple.com/kb/HT5880",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5880"
            },
            {
              "name": "SSRT101184",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
            },
            {
              "name": "55350",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55350"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0169",
    "datePublished": "2013-02-08T19:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T14:18:09.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-1182
Vulnerability from cvelistv5
Published
2015-01-27 15:00
Modified
2024-08-06 04:33
Severity ?
Summary
The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:33:20.872Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2015-0991",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148829.html"
          },
          {
            "name": "62270",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62270"
          },
          {
            "name": "FEDORA-2015-1045",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148903.html"
          },
          {
            "name": "openSUSE-SU-2015:0186",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00003.html"
          },
          {
            "name": "GLSA-201801-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201801-15"
          },
          {
            "name": "62610",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62610"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04"
          },
          {
            "name": "DSA-3136",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3136"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-15T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FEDORA-2015-0991",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148829.html"
        },
        {
          "name": "62270",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62270"
        },
        {
          "name": "FEDORA-2015-1045",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148903.html"
        },
        {
          "name": "openSUSE-SU-2015:0186",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00003.html"
        },
        {
          "name": "GLSA-201801-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201801-15"
        },
        {
          "name": "62610",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62610"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04"
        },
        {
          "name": "DSA-3136",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3136"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-1182",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2015-0991",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148829.html"
            },
            {
              "name": "62270",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62270"
            },
            {
              "name": "FEDORA-2015-1045",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148903.html"
            },
            {
              "name": "openSUSE-SU-2015:0186",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00003.html"
            },
            {
              "name": "GLSA-201801-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201801-15"
            },
            {
              "name": "62610",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62610"
            },
            {
              "name": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04",
              "refsource": "CONFIRM",
              "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04"
            },
            {
              "name": "DSA-3136",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3136"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-1182",
    "datePublished": "2015-01-27T15:00:00",
    "dateReserved": "2015-01-17T00:00:00",
    "dateUpdated": "2024-08-06T04:33:20.872Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2013-10-04 17:55
Modified
2024-11-21 01:58
Severity ?
Summary
The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BB6CA0E-8184-4A29-BF80-21EDA97481F2",
              "versionEndIncluding": "1.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21684D8F-C925-4BBE-A9E5-3799C84BDB13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CE3EE93-6274-4996-A843-D2DF3249E06C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DBD7490-815C-4E93-AD6C-5BBF1E3D6AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3C08BCF-F438-4862-B93A-76282A4129D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA654207-3F1A-4737-AA1C-523DBD420D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09D1B837-15DB-4A37-AF13-9FE6D894C084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA214D9-E535-4F68-9A23-504121748700",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "131EF818-747C-47F0-A69B-7F55CCA93F9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B86C938F-CE5E-4955-8702-ABE9B635E337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DC2818-EBB5-4A14-9468-57737B04F5A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "F0D9D498-444E-4E92-B2A1-C8D72FA59F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre3:*:*:*:*:*:*",
              "matchCriteriaId": "4D9AE2FA-068E-4F9E-BA3B-69123D9B0A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre4:*:*:*:*:*:*",
              "matchCriteriaId": "22EA88C6-E217-4D1F-981B-096930A7728C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre5:*:*:*:*:*:*",
              "matchCriteriaId": "0BB29D8D-8287-4B5B-967F-55DCA0C0ED2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E25A1C90-15E9-4577-B25D-855D48C4F4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "18BC3056-6CF9-4C6A-9F03-C8812CA10AF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "02CE9326-279B-4CFE-8FBD-4450793D9C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7513F8AC-A847-412D-B657-9426E4C6C020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88CE920F-DBD6-4D01-87E1-26FA10101692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6F1E192-D0F2-476E-A7A9-AFB031687533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9DDE3F-26AE-41E0-9433-E5C018C699E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F9819E-798E-4DA6-A7E4-39A85B68A5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9001635-AA9C-4165-B021-2B296CF6DE1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D105753-A704-4BF4-BD7A-99985911B943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C3FE7E6-8199-4C93-8BAB-FADA297D1BF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CF482DF-9F5C-45D6-AA5E-D9163A710AAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5152886-DFBB-415C-99E0-A7E645A5F86B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5BD989E-FC1D-44D2-9394-C36AD18325DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE349CDB-AE50-4043-86EF-1CED401AAEFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "48FAB18E-F1C9-46B2-985E-28AC2736DB3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C453569-3736-4FC3-87FE-8282A1572CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86CC3C2-C0D0-420A-97FA-1862B9CF2CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "67CE5D3D-FE2C-403E-9A90-43CB04A96CD1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n RSA-CRT en PolarSSL anterior a la versi\u00f3n 1.2.9 no realiza adecuadamente la multiplicaci\u00f3n Montgomery, lo que podr\u00eda permitir a atacantes llevar a cabo un ataque timing side-channel y conseguir las llaves privadas RSA."
    }
  ],
  "id": "CVE-2013-5915",
  "lastModified": "2024-11-21T01:58:25.777",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-04T17:55:09.993",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/118758.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119014.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119018.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/98049"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55084"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2013/dsa-2782"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/62771"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/118758.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/98049"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/62771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-12-06 18:15
Modified
2024-11-21 01:38
Summary
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D3EA324-8345-4116-9E0B-DAD89EE4AE34",
              "versionEndIncluding": "1.1.1",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre4:*:*:*:*:*:*",
              "matchCriteriaId": "22EA88C6-E217-4D1F-981B-096930A7728C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre5:*:*:*:*:*:*",
              "matchCriteriaId": "0BB29D8D-8287-4B5B-967F-55DCA0C0ED2B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de Omisi\u00f3n de Seguridad en PolarSSL versiones 0.99pre4 hasta 1.1.1, debido a un error de cifrado d\u00e9bil cuando se generan valores Diffie-Hellman y claves RSA."
    }
  ],
  "id": "CVE-2012-2130",
  "lastModified": "2024-11-21T01:38:33.657",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-06T18:15:10.310",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201310-10.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/53610"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-2130"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2130"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75726"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2012-2130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201310-10.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/53610"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-2130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2012-2130"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-01-27 20:59
Modified
2024-11-21 02:24
Severity ?
Summary
The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E25A1C90-15E9-4577-B25D-855D48C4F4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "18BC3056-6CF9-4C6A-9F03-C8812CA10AF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "02CE9326-279B-4CFE-8FBD-4450793D9C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7513F8AC-A847-412D-B657-9426E4C6C020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88CE920F-DBD6-4D01-87E1-26FA10101692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6F1E192-D0F2-476E-A7A9-AFB031687533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9DDE3F-26AE-41E0-9433-E5C018C699E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F9819E-798E-4DA6-A7E4-39A85B68A5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9001635-AA9C-4165-B021-2B296CF6DE1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D105753-A704-4BF4-BD7A-99985911B943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5464618A-E70D-4C11-A8BE-9827AD2F3EDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C3FE7E6-8199-4C93-8BAB-FADA297D1BF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CF482DF-9F5C-45D6-AA5E-D9163A710AAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5152886-DFBB-415C-99E0-A7E645A5F86B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5BD989E-FC1D-44D2-9394-C36AD18325DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE349CDB-AE50-4043-86EF-1CED401AAEFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "48FAB18E-F1C9-46B2-985E-28AC2736DB3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C453569-3736-4FC3-87FE-8282A1572CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86CC3C2-C0D0-420A-97FA-1862B9CF2CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "67CE5D3D-FE2C-403E-9A90-43CB04A96CD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "229B9538-A16D-4572-B9CA-5FA2E4B56D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E3F98E8-E610-41BC-949A-09382B612D16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4322DC6C-E4B6-4561-B4E5-3877917FABB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AFBCD38-BAC7-4144-AED2-A93201607B65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "226B0E63-062C-47F0-AF63-42028145CA8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9400165F-7CA8-43B6-9C18-A9B68960C69D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "9E55CFB7-DD01-49EB-87CC-B7CC76B2B638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "AD884F2C-3E94-4815-A035-E1134E55991F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F27E26E-D912-462A-AE70-90AA058B9DDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEB54854-6DC9-44B9-A94A-671C17C1F0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "495BE6FC-806F-489E-85EF-5F6CF3E6B068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E56EC828-5984-4800-B366-3E3A2ED4A397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC0A5B11-E428-4B81-8125-4C26DC42733F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B085B300-6A08-4649-AB6A-167761D3138A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1F43435-B2E1-4CF5-A7B7-0FD50C905783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69FA32E-55FE-4F00-B209-D31B88986B5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AC41F8B-F625-4969-9289-4AB1B60BD9B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n asn1_get_sequence_of en library/asn1parse.c en PolarSSL 1.0 hasta 1.2.12 y 1.3.x hasta 1.3.9 no inicializa correctamente un puntero en la lista vinculada asn1_sequence, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una secuencia ASN.1 manipulada en un certificado."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/824.html\"\u003eCWE-824: Access of Uninitialized Pointer\u003c/a\u003e",
  "id": "CVE-2015-1182",
  "lastModified": "2024-11-21T02:24:50.367",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-27T20:59:14.277",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148829.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148903.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/62270"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/62610"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3136"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201801-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148829.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148903.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62610"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201801-15"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-08-24 15:59
Modified
2024-11-21 02:19
Severity ?
Summary
Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21C4BF72-F3E9-49F7-BC63-55D85D82EC63",
              "versionEndIncluding": "1.2.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9400165F-7CA8-43B6-9C18-A9B68960C69D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F27E26E-D912-462A-AE70-90AA058B9DDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEB54854-6DC9-44B9-A94A-671C17C1F0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "495BE6FC-806F-489E-85EF-5F6CF3E6B068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E56EC828-5984-4800-B366-3E3A2ED4A397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC0A5B11-E428-4B81-8125-4C26DC42733F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B085B300-6A08-4649-AB6A-167761D3138A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1F43435-B2E1-4CF5-A7B7-0FD50C905783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69FA32E-55FE-4F00-B209-D31B88986B5E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates.  NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de fuga de memoria en PolarSSL en versiones anteriores a 1.2.12 y 1.3.x en versiones anteriores a 1.3.9, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de una gran cantidad de certificados X.509 manipulados. NOTA: este identificador ha sido SEPARADO por ADT3 debido a las diferentes versiones afectadas. Ver CVE-2014-9744 para el caso de mensaje ClientHello."
    }
  ],
  "id": "CVE-2014-8628",
  "lastModified": "2024-11-21T02:19:28.570",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-24T15:59:00.090",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html"
    },
    {
      "source": "security@opentext.com",
      "url": "http://www.debian.org/security/2014/dsa-3116"
    },
    {
      "source": "security@opentext.com",
      "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released"
    },
    {
      "source": "security@opentext.com",
      "url": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3116"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-11-24 15:59
Modified
2024-11-21 02:19
Severity ?
Summary
PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
Impacted products
Vendor Product Version
polarssl polarssl 1.3.8



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69FA32E-55FE-4F00-B209-D31B88986B5E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "PolarSSL 1.3.8 no negocia debidamente el algoritmo de firma que se debe utilizar, lo que permite a atacantes remotos realizar ataques de degradaci\u00f3n a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-8627",
  "lastModified": "2024-11-21T02:19:28.453",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-24T15:59:11.060",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html"
    },
    {
      "source": "security@opentext.com",
      "url": "http://secunia.com/advisories/61220"
    },
    {
      "source": "security@opentext.com",
      "url": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-02-08 19:55
Modified
2024-11-21 01:50
Severity ?
Summary
Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B54F4A7-B027-42B4-B1CD-A1FD52794492",
              "versionEndIncluding": "1.2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21684D8F-C925-4BBE-A9E5-3799C84BDB13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CE3EE93-6274-4996-A843-D2DF3249E06C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DBD7490-815C-4E93-AD6C-5BBF1E3D6AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3C08BCF-F438-4862-B93A-76282A4129D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA654207-3F1A-4737-AA1C-523DBD420D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09D1B837-15DB-4A37-AF13-9FE6D894C084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA214D9-E535-4F68-9A23-504121748700",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "131EF818-747C-47F0-A69B-7F55CCA93F9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B86C938F-CE5E-4955-8702-ABE9B635E337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DC2818-EBB5-4A14-9468-57737B04F5A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "F0D9D498-444E-4E92-B2A1-C8D72FA59F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre3:*:*:*:*:*:*",
              "matchCriteriaId": "4D9AE2FA-068E-4F9E-BA3B-69123D9B0A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre4:*:*:*:*:*:*",
              "matchCriteriaId": "22EA88C6-E217-4D1F-981B-096930A7728C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre5:*:*:*:*:*:*",
              "matchCriteriaId": "0BB29D8D-8287-4B5B-967F-55DCA0C0ED2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E25A1C90-15E9-4577-B25D-855D48C4F4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "18BC3056-6CF9-4C6A-9F03-C8812CA10AF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "02CE9326-279B-4CFE-8FBD-4450793D9C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7513F8AC-A847-412D-B657-9426E4C6C020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88CE920F-DBD6-4D01-87E1-26FA10101692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6F1E192-D0F2-476E-A7A9-AFB031687533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9DDE3F-26AE-41E0-9433-E5C018C699E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F9819E-798E-4DA6-A7E4-39A85B68A5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9001635-AA9C-4165-B021-2B296CF6DE1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CF482DF-9F5C-45D6-AA5E-D9163A710AAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5152886-DFBB-415C-99E0-A7E645A5F86B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5BD989E-FC1D-44D2-9394-C36AD18325DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE349CDB-AE50-4043-86EF-1CED401AAEFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169."
    },
    {
      "lang": "es",
      "value": "Errores en el \u00edndice del array en el m\u00f3dulo SSL en PolarSSL anterior a v1.2.5 podr\u00eda permitir a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de vectores relacionados con un valor de longitud de \"padding\" especialmente dise\u00f1ado durante la validaci\u00f3n del padding CBC en una sesi\u00f3n TLS, una vulnerabilidad diferente a CVE-2013-0169."
    }
  ],
  "id": "CVE-2013-1621",
  "lastModified": "2024-11-21T01:50:01.180",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-08T19:55:01.280",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2013/02/05/24"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2013/dsa-2622"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2013/02/05/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-02-08 19:55
Modified
2024-11-21 01:46
Severity ?
Summary
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
References
secalert@redhat.com http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/ Third Party Advisory
secalert@redhat.com http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html Mailing List, Third Party Advisory
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html Third Party Advisory
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html Third Party Advisory
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html Third Party Advisory
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html Third Party Advisory
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html Third Party Advisory
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html Third Party Advisory
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html Third Party Advisory
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html Third Party Advisory
secalert@redhat.com http://marc.info/?l=bugtraq&m=136396549913849&w=2 Third Party Advisory
secalert@redhat.com http://marc.info/?l=bugtraq&m=136396549913849&w=2 Third Party Advisory
secalert@redhat.com http://marc.info/?l=bugtraq&m=136432043316835&w=2 Third Party Advisory
secalert@redhat.com http://marc.info/?l=bugtraq&m=136432043316835&w=2 Third Party Advisory
secalert@redhat.com http://marc.info/?l=bugtraq&m=136439120408139&w=2 Third Party Advisory
secalert@redhat.com http://marc.info/?l=bugtraq&m=136439120408139&w=2 Third Party Advisory
secalert@redhat.com http://marc.info/?l=bugtraq&m=136733161405818&w=2 Third Party Advisory
secalert@redhat.com http://marc.info/?l=bugtraq&m=136733161405818&w=2 Third Party Advisory
secalert@redhat.com http://marc.info/?l=bugtraq&m=137545771702053&w=2 Third Party Advisory
secalert@redhat.com http://marc.info/?l=bugtraq&m=137545771702053&w=2 Third Party Advisory
secalert@redhat.com http://openwall.com/lists/oss-security/2013/02/05/24 Mailing List
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2013-0587.html Third Party Advisory
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2013-0782.html Third Party Advisory
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2013-0783.html Third Party Advisory
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2013-0833.html Third Party Advisory
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2013-1455.html Third Party Advisory
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2013-1456.html Third Party Advisory
secalert@redhat.com http://secunia.com/advisories/53623 Third Party Advisory
secalert@redhat.com http://secunia.com/advisories/55108 Third Party Advisory
secalert@redhat.com http://secunia.com/advisories/55139 Third Party Advisory
secalert@redhat.com http://secunia.com/advisories/55322 Third Party Advisory
secalert@redhat.com http://secunia.com/advisories/55350 Third Party Advisory
secalert@redhat.com http://secunia.com/advisories/55351 Third Party Advisory
secalert@redhat.com http://security.gentoo.org/glsa/glsa-201406-32.xml Third Party Advisory
secalert@redhat.com http://support.apple.com/kb/HT5880 Third Party Advisory
secalert@redhat.com http://www-01.ibm.com/support/docview.wss?uid=swg21644047 Third Party Advisory
secalert@redhat.com http://www.debian.org/security/2013/dsa-2621 Third Party Advisory
secalert@redhat.com http://www.debian.org/security/2013/dsa-2622 Third Party Advisory
secalert@redhat.com http://www.isg.rhul.ac.uk/tls/TLStiming.pdf Third Party Advisory
secalert@redhat.com http://www.kb.cert.org/vuls/id/737740 Third Party Advisory, US Government Resource
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2013:095 Third Party Advisory
secalert@redhat.com http://www.matrixssl.org/news.html Third Party Advisory
secalert@redhat.com http://www.openssl.org/news/secadv_20130204.txt Vendor Advisory
secalert@redhat.com http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html Third Party Advisory
secalert@redhat.com http://www.securityfocus.com/bid/57778 Third Party Advisory, VDB Entry
secalert@redhat.com http://www.securitytracker.com/id/1029190 Third Party Advisory, VDB Entry
secalert@redhat.com http://www.splunk.com/view/SP-CAAAHXG Third Party Advisory
secalert@redhat.com http://www.ubuntu.com/usn/USN-1735-1 Third Party Advisory
secalert@redhat.com http://www.us-cert.gov/cas/techalerts/TA13-051A.html Third Party Advisory, US Government Resource
secalert@redhat.com https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf Third Party Advisory
secalert@redhat.com https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html Third Party Advisory
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841 Tool Signature
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016 Tool Signature
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424 Tool Signature
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540 Tool Signature
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608 Third Party Advisory
secalert@redhat.com https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released Vendor Advisory
secalert@redhat.com https://puppet.com/security/cve/cve-2013-0169 Third Party Advisory
secalert@redhat.com https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001 Third Party Advisory
secalert@redhat.com https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/ Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=136396549913849&w=2 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=136396549913849&w=2 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=136432043316835&w=2 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=136432043316835&w=2 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=136439120408139&w=2 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=136439120408139&w=2 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=136733161405818&w=2 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=136733161405818&w=2 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=137545771702053&w=2 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=137545771702053&w=2 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://openwall.com/lists/oss-security/2013/02/05/24 Mailing List
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2013-0587.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2013-0782.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2013-0783.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2013-0833.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2013-1455.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2013-1456.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/53623 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/55108 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/55139 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/55322 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/55350 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/55351 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-201406-32.xml Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://support.apple.com/kb/HT5880 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www-01.ibm.com/support/docview.wss?uid=swg21644047 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2013/dsa-2621 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2013/dsa-2622 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.isg.rhul.ac.uk/tls/TLStiming.pdf Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/737740 Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2013:095 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.matrixssl.org/news.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openssl.org/news/secadv_20130204.txt Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/57778 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1029190 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.splunk.com/view/SP-CAAAHXG Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-1735-1 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.us-cert.gov/cas/techalerts/TA13-051A.html Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841 Tool Signature
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016 Tool Signature
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424 Tool Signature
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540 Tool Signature
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://puppet.com/security/cve/cve-2013-0169 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084 Third Party Advisory
Impacted products
Vendor Product Version
openssl openssl *
openssl openssl *
openssl openssl *
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.6.0
oracle openjdk 1.7.0
oracle openjdk 1.7.0
oracle openjdk 1.7.0
oracle openjdk 1.7.0
oracle openjdk 1.7.0
oracle openjdk 1.7.0
oracle openjdk 1.7.0
oracle openjdk 1.7.0
oracle openjdk 1.7.0
oracle openjdk 1.7.0
oracle openjdk 1.7.0
oracle openjdk 1.7.0
polarssl polarssl 0.10.0
polarssl polarssl 0.10.1
polarssl polarssl 0.11.0
polarssl polarssl 0.11.1
polarssl polarssl 0.12.0
polarssl polarssl 0.12.1
polarssl polarssl 0.13.1
polarssl polarssl 0.14.0
polarssl polarssl 0.14.2
polarssl polarssl 0.14.3
polarssl polarssl 0.99
polarssl polarssl 0.99
polarssl polarssl 0.99
polarssl polarssl 0.99
polarssl polarssl 1.0.0
polarssl polarssl 1.1.0
polarssl polarssl 1.1.0
polarssl polarssl 1.1.0
polarssl polarssl 1.1.1
polarssl polarssl 1.1.2
polarssl polarssl 1.1.3
polarssl polarssl 1.1.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C2F01ED-AB65-4006-AE2A-E9F73791D436",
              "versionEndIncluding": "0.9.8x",
              "versionStartIncluding": "0.9.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "581DC050-33FB-408D-AB43-D3D796BCBBDE",
              "versionEndIncluding": "1.0.0j",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02E6874F-3469-4173-92DE-1E90F0B241FB",
              "versionEndIncluding": "1.0.1d",
              "versionStartIncluding": "1.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "5C58642D-8504-4D3B-A411-96B83CFCD05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "603BED29-3B3F-49AD-A518-E68B40AE8484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "0F03670F-559C-433D-8AE8-A3C16F05E1D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update11:*:*:*:*:*:*",
              "matchCriteriaId": "3A294535-7190-4C33-910D-0520F575D800",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update12:*:*:*:*:*:*",
              "matchCriteriaId": "52A6300A-98F2-4E5A-909E-895A6C5B1D04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update13:*:*:*:*:*:*",
              "matchCriteriaId": "2280FB93-81A0-4BF4-AD7E-C9EAD277B379",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update14:*:*:*:*:*:*",
              "matchCriteriaId": "1E42E405-91ED-4F41-A2EE-CECB27EB4951",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update15:*:*:*:*:*:*",
              "matchCriteriaId": "11BCE518-1A35-44DE-9B40-B89E7637F830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update16:*:*:*:*:*:*",
              "matchCriteriaId": "46D0BB1F-FA76-4185-ACD4-587DFB24CFF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update17:*:*:*:*:*:*",
              "matchCriteriaId": "D27FDDD5-083F-4A83-836F-BDCEB94894FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update18:*:*:*:*:*:*",
              "matchCriteriaId": "30BF0C2F-BF35-41B8-BC6A-F2DACE6A9A32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update19:*:*:*:*:*:*",
              "matchCriteriaId": "EE05CDF7-1C43-46BF-9A7E-56B31BC1C837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "A520D505-7BDC-4E82-8A43-7C50AEE2B222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update20:*:*:*:*:*:*",
              "matchCriteriaId": "5ADF3C32-6663-4003-B7D6-CE3D02AFF45E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update21:*:*:*:*:*:*",
              "matchCriteriaId": "F15C4440-6283-433E-998E-856DA7ED4DB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update22:*:*:*:*:*:*",
              "matchCriteriaId": "C729FF50-6E41-4CEB-888A-E0FBD69B7897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update23:*:*:*:*:*:*",
              "matchCriteriaId": "EB0AB341-46CE-4851-899A-B09C81A9792E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update24:*:*:*:*:*:*",
              "matchCriteriaId": "68EF7AC1-0179-4E10-89DD-5DA33682B3F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update25:*:*:*:*:*:*",
              "matchCriteriaId": "243726CF-F79A-4487-8807-FFA0AC86760B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update26:*:*:*:*:*:*",
              "matchCriteriaId": "5DECF6EC-B787-4CBA-936C-527864B504DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update27:*:*:*:*:*:*",
              "matchCriteriaId": "3C70C7D7-4E28-49D9-A007-EB186E85E5B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update29:*:*:*:*:*:*",
              "matchCriteriaId": "99B2B1A1-C3E5-4A32-8F5A-4BA8664E7537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "3F57C81C-446F-462C-BB64-65F87D1AA28F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update30:*:*:*:*:*:*",
              "matchCriteriaId": "7CFFA025-08DC-4AEF-AAE3-B20ECCB0946E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update31:*:*:*:*:*:*",
              "matchCriteriaId": "ACBA03CE-2EF2-4C51-B796-54C65C3CFBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update32:*:*:*:*:*:*",
              "matchCriteriaId": "085241E5-F958-43DD-AB0A-35EAF6954CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update33:*:*:*:*:*:*",
              "matchCriteriaId": "20CD7414-1D66-4311-90FB-5D53C0C22D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update34:*:*:*:*:*:*",
              "matchCriteriaId": "6DCB646B-3F17-427D-AE89-039FCA1F6D7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update35:*:*:*:*:*:*",
              "matchCriteriaId": "FA2AB84A-05D5-4091-B225-7762A73D45BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update37:*:*:*:*:*:*",
              "matchCriteriaId": "5A5A15F9-5047-4BB9-9B3E-A00998B6E7C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update38:*:*:*:*:*:*",
              "matchCriteriaId": "11A0378E-0D41-4FE0-8DAF-A01B66D814DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "942C51A3-87AC-4DB5-BAB9-3771A19C472A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "C34819D3-615F-4CEE-BEAA-CE48BC2E53BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update6:*:*:*:*:*:*",
              "matchCriteriaId": "D97A141E-5FC0-4B79-ABAA-82F6DE857625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update7:*:*:*:*:*:*",
              "matchCriteriaId": "D32EAE02-B313-47AC-A1A3-BBF58A692E02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "81EA5E3B-7EA9-45A4-9B69-2DD96471A731",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "27DED59D-C293-4D36-B194-B1645CD798C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "DC3ADCB9-C4B7-4D30-932B-415C317870F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update11:*:*:*:*:*:*",
              "matchCriteriaId": "06FB52F8-8702-4795-BA47-28A1D007952F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update13:*:*:*:*:*:*",
              "matchCriteriaId": "3FDD48A5-9956-4AE6-9899-40D0830719FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "875DAD00-C396-4F45-8C39-843686D5C3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "F45FA1E6-D848-482B-BB3F-5B02E837EE60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "94A59C56-6A9B-4630-ACBD-45359451120D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "795C1133-BF5E-4B07-A448-13EFAFEED9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update6:*:*:*:*:*:*",
              "matchCriteriaId": "DF20B7CE-1CD3-4D1E-9C5F-E9594A5135D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update7:*:*:*:*:*:*",
              "matchCriteriaId": "3206CF31-0EF2-4351-A077-1F8935965492",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update9:*:*:*:*:*:*",
              "matchCriteriaId": "D2E1A163-7376-41C9-A0FF-C8C3B192B73A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21684D8F-C925-4BBE-A9E5-3799C84BDB13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CE3EE93-6274-4996-A843-D2DF3249E06C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DBD7490-815C-4E93-AD6C-5BBF1E3D6AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3C08BCF-F438-4862-B93A-76282A4129D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA654207-3F1A-4737-AA1C-523DBD420D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09D1B837-15DB-4A37-AF13-9FE6D894C084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA214D9-E535-4F68-9A23-504121748700",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "131EF818-747C-47F0-A69B-7F55CCA93F9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B86C938F-CE5E-4955-8702-ABE9B635E337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DC2818-EBB5-4A14-9468-57737B04F5A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "F0D9D498-444E-4E92-B2A1-C8D72FA59F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre3:*:*:*:*:*:*",
              "matchCriteriaId": "4D9AE2FA-068E-4F9E-BA3B-69123D9B0A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre4:*:*:*:*:*:*",
              "matchCriteriaId": "22EA88C6-E217-4D1F-981B-096930A7728C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre5:*:*:*:*:*:*",
              "matchCriteriaId": "0BB29D8D-8287-4B5B-967F-55DCA0C0ED2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E25A1C90-15E9-4577-B25D-855D48C4F4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "18BC3056-6CF9-4C6A-9F03-C8812CA10AF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "02CE9326-279B-4CFE-8FBD-4450793D9C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7513F8AC-A847-412D-B657-9426E4C6C020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88CE920F-DBD6-4D01-87E1-26FA10101692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6F1E192-D0F2-476E-A7A9-AFB031687533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9DDE3F-26AE-41E0-9433-E5C018C699E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F9819E-798E-4DA6-A7E4-39A85B68A5F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."
    },
    {
      "lang": "es",
      "value": "Los protocolos TLS v1.1 y v1.2 y DTLS v1.0 y v1.2, tal como se utilizan en OpenSSL, OpenJDK, PolarSSL y otros productos, no consideran adecuadamente los ataques de canal lateral de temporizaci\u00f3n contra un requisito de verificaci\u00f3n MAC durante el procesamiento de relleno CBC malformado, lo que permite a atacantes remotos realizar ataques de distinci\u00f3n y ataques de recuperaci\u00f3n de texto plano a trav\u00e9s del an\u00e1lisis estad\u00edstico de los datos de tiempo de paquetes manipulados, tambi\u00e9n conocido como el problema \"Lucky Thirteen\"."
    }
  ],
  "evaluatorComment": "Per http://www.openssl.org/news/vulnerabilities.html:\nFixed in OpenSSL 1.0.1d (Affected 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1) \nFixed in OpenSSL 1.0.0k (Affected 1.0.0j, 1.0.0i, 1.0.0g, 1.0.0f, 1.0.0e, 1.0.0d, 1.0.0c, 1.0.0b, 1.0.0a, 1.0.0) \nFixed in OpenSSL 0.9.8y (Affected 0.9.8x, 0.9.8w, 0.9.8v, 0.9.8u, 0.9.8t, 0.9.8s, 0.9.8r, 0.9.8q, 0.9.8p, 0.9.8o, 0.9.8n, 0.9.8m, 0.9.8l, 0.9.8k, 0.9.8j, 0.9.8i, 0.9.8h, 0.9.8g, 0.9.8f, 0.9.8d, 0.9.8c, 0.9.8b, 0.9.8a, 0.9.8)\n\nAffected users should upgrade to OpenSSL 1.0.1e, 1.0.0k or 0.9.8y\n(The fix in 1.0.1d wasn\u0027t complete, so please use 1.0.1e or later)",
  "id": "CVE-2013-0169",
  "lastModified": "2024-11-21T01:46:59.137",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-08T19:55:01.030",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://openwall.com/lists/oss-security/2013/02/05/24"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/53623"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55108"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55139"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55322"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55350"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55351"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT5880"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2621"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2622"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/737740"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.matrixssl.org/news.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openssl.org/news/secadv_20130204.txt"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/57778"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029190"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.splunk.com/view/SP-CAAAHXG"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1735-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://puppet.com/security/cve/cve-2013-0169"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://openwall.com/lists/oss-security/2013/02/05/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/53623"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55108"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55350"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT5880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/737740"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.matrixssl.org/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openssl.org/news/secadv_20130204.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/57778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.splunk.com/view/SP-CAAAHXG"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1735-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://puppet.com/security/cve/cve-2013-0169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-06-20 17:55
Modified
2024-11-21 01:27
Severity ?
Summary
The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095.
Impacted products
Vendor Product Version
polarssl polarssl * (all versions up to and including 0.14.0, per the CPE match below)
polarssl polarssl 0.10.0
polarssl polarssl 0.10.1
polarssl polarssl 0.11.0
polarssl polarssl 0.11.1
polarssl polarssl 0.12.0
polarssl polarssl 0.12.1
polarssl polarssl 0.13.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B6C69D-4016-48A8-97C7-2C1F44FFB2F6",
              "versionEndIncluding": "0.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21684D8F-C925-4BBE-A9E5-3799C84BDB13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CE3EE93-6274-4996-A843-D2DF3249E06C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DBD7490-815C-4E93-AD6C-5BBF1E3D6AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3C08BCF-F438-4862-B93A-76282A4129D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA654207-3F1A-4737-AA1C-523DBD420D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09D1B837-15DB-4A37-AF13-9FE6D894C084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:0.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA214D9-E535-4F68-9A23-504121748700",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de intercambio de claves Diffie-Hellman en dhm.c en PolarSSL antes de v0.14.2, no valida correctamente un par\u00e1metro p\u00fablico, lo que hace que sea m\u00e1s facil a atacantes man-in-the-middle el obtener la clave compartida modificando el tr\u00e1fico de red. Se trata de un problema relacionado con el CVE-2011-5095."
    }
  ],
  "id": "CVE-2011-1923",
  "lastModified": "2024-11-21T01:27:19.047",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-06-20T17:55:01.433",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://polarssl.org/trac/wiki/SecurityAdvisory201101"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.nessus.org/plugins/index.php?view=single\u0026id=53360"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/46670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://polarssl.org/trac/wiki/SecurityAdvisory201101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.nessus.org/plugins/index.php?view=single\u0026id=53360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46670"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-11-02 19:59
Modified
2024-11-21 02:37
Severity ?
Summary
Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8CF74B3-EE14-4615-85C5-196306A17171",
              "versionEndExcluding": "1.3.14",
              "versionStartIncluding": "1.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "299E0E3C-D91B-4AD9-9679-391FC6DDC515",
              "versionEndExcluding": "2.1.2",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "011FF886-C20F-4577-8660-2462CFA25068",
              "versionEndIncluding": "1.2.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session.  NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de desbordamiento de buffer basado en memoria en ARM mbed TLS (anteriormente PolarSSL) 1.3.x en versiones anteriores a 1.3.14 y 2.x en versiones anteriores a 2.1.2 permite a servidores SSL remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del cliente) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un nombre largo de ticket de sesi\u00f3n para la extensi\u00f3n del ticket de sesi\u00f3n, el cual no es manejado correctamente cuando se crea un mensaje ClientHello para reanudar una sesi\u00f3n. NOTA: este identificador fue SEPARADO de CVE-2015-5291 por ADT3 debido a los diferentes intervalos de versi\u00f3n afectados."
    }
  ],
  "id": "CVE-2015-8036",
  "lastModified": "2024-11-21T02:37:53.683",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-11-02T19:59:16.267",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00009.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3468"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3468"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-09-30 22:55
Modified
2024-11-21 01:55
Severity ?
Summary
The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate.
References
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115922.html
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115927.html
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116351.html
cve@mitre.org | http://www.debian.org/security/2013/dsa-2782
cve@mitre.org | http://www.securityfocus.com/bid/61764
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=997767
cve@mitre.org | https://github.com/polarssl/polarssl/commit/1922a4e6aade7b1d685af19d4d9339ddb5c02859 | Exploit, Patch
cve@mitre.org | https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-03 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115922.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115927.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116351.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2013/dsa-2782
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/61764
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=997767
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/polarssl/polarssl/commit/1922a4e6aade7b1d685af19d4d9339ddb5c02859 | Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 | https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-03 | Patch, Vendor Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "18BC3056-6CF9-4C6A-9F03-C8812CA10AF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "02CE9326-279B-4CFE-8FBD-4450793D9C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7513F8AC-A847-412D-B657-9426E4C6C020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88CE920F-DBD6-4D01-87E1-26FA10101692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6F1E192-D0F2-476E-A7A9-AFB031687533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9DDE3F-26AE-41E0-9433-E5C018C699E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F9819E-798E-4DA6-A7E4-39A85B68A5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9001635-AA9C-4165-B021-2B296CF6DE1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D105753-A704-4BF4-BD7A-99985911B943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CF482DF-9F5C-45D6-AA5E-D9163A710AAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5152886-DFBB-415C-99E0-A7E645A5F86B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5BD989E-FC1D-44D2-9394-C36AD18325DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE349CDB-AE50-4043-86EF-1CED401AAEFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "48FAB18E-F1C9-46B2-985E-28AC2736DB3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C453569-3736-4FC3-87FE-8282A1572CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86CC3C2-C0D0-420A-97FA-1862B9CF2CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "67CE5D3D-FE2C-403E-9A90-43CB04A96CD1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n x509parse_crt en x509.h de PolarSSL 1.1.x (anteriores a 1.1.7) y 1.2.x (anteriores a 1.2.8) no procesa apropiadamente los mensajes de certificado durante un handshake SSL/TLS, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito y consumo de CPU) a trav\u00e9s de un mensaje de certificado que contiene un certificado codificado en PEM."
    }
  ],
  "id": "CVE-2013-4623",
  "lastModified": "2024-11-21T01:55:57.163",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-30T22:55:04.930",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115922.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115927.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116351.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2013/dsa-2782"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/61764"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=997767"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/polarssl/polarssl/commit/1922a4e6aade7b1d685af19d4d9339ddb5c02859"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115922.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115927.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116351.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/61764"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=997767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/polarssl/polarssl/commit/1922a4e6aade7b1d685af19d4d9339ddb5c02859"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-03"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-27 01:15
Modified
2024-11-21 01:32
Severity ?
Summary
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results.
Impacted products
Vendor Product Version
polarssl polarssl * (versions before 1.1.0, per the CPE match below)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDD46886-D113-42AE-A06E-B2563A046094",
              "versionEndExcluding": "1.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor\u0027s high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results."
    },
    {
      "lang": "es",
      "value": "PolarSSL versiones anteriores a v1.1, usan el algoritmo de generaci\u00f3n de n\u00fameros aleatorios HAVEGE. En su esencia, \u00e9ste usa informaci\u00f3n de tiempo basada en el temporizador de alta resoluci\u00f3n del procesador (la instrucci\u00f3n RDTSC). Esta instrucci\u00f3n puede ser virtualizada, y algunos hosts de m\u00e1quinas virtuales han optado por deshabilitar esta instrucci\u00f3n, devolviendo 0s o resultados predecibles"
    }
  ],
  "id": "CVE-2011-4574",
  "lastModified": "2024-11-21T01:32:34.847",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-27T01:15:07.067",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-338"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-11-02 19:59
Modified
2024-11-21 02:32
Severity ?
Summary
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.
References
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html | Mailing List, Third Party Advisory
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html | Mailing List, Third Party Advisory
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html | Mailing List, Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html | Mailing List, Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html | Mailing List, Third Party Advisory
secalert@redhat.com | http://www.debian.org/security/2016/dsa-3468 | Third Party Advisory
secalert@redhat.com | https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf | Third Party Advisory
secalert@redhat.com | https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/ | Third Party Advisory
secalert@redhat.com | https://security.gentoo.org/glsa/201706-18 | Third Party Advisory
secalert@redhat.com | https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3468 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201706-18 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01 | Vendor Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8CF74B3-EE14-4615-85C5-196306A17171",
              "versionEndExcluding": "1.3.14",
              "versionStartIncluding": "1.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "299E0E3C-D91B-4AD9-9679-391FC6DDC515",
              "versionEndExcluding": "2.1.2",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA81DF90-35D1-43B7-9AEA-9B054EAACB9C",
              "versionEndExcluding": "1.2.17",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
              "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message.  NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de desbordamiento de buffer basado en memoria din\u00e1mica (heap) en PolarSSL 1.x en versiones anteriores a 1.2.17 y ARM mbed TLS (anteriormente PolarSSL) 1.3.x en versiones anteriores a 1.3.14 y 2.x en versiones anteriores a 2.1.2 permite a servidores remotos SSL provocar una denegaci\u00f3n de servicio (ca\u00edda de cliente) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un hostname largo para la extensi\u00f3n de indicaci\u00f3n del nombre del servidor (SNI), el cual no es manejado correctamente cuando se crea un mensaje ClientHello. NOTA: este identificador ha sido SEPARADO por ADT3 debido a los diferentes intervalos de versi\u00f3n afectados. Ver CVE-2015-8036 para el problema del ticket de sesi\u00f3n que fue introducido en 1.3.0."
    }
  ],
  "id": "CVE-2015-5291",
  "lastModified": "2024-11-21T02:32:43.597",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-11-02T19:59:05.123",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3468"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201706-18"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3468"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201706-18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-08-24 15:59
Modified
2024-11-21 02:21
Severity ?
Summary
Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions.
Impacted products
Vendor Product Version
opensuse opensuse 13.2
polarssl polarssl *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DCC4A4-8FFE-44FB-945B-775D1B6D3BD2",
              "versionEndIncluding": "1.3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages.  NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de fuga de memoria en PolarSSL en versiones anteriores a 1.3.9, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de una gran cantidad de mensajes ClientHello. NOTA: este identificador ha sido SEPARADO de CVE-2014-8628 por ADT3 debido a las diferentes versiones afectadas."
    }
  ],
  "id": "CVE-2014-9744",
  "lastModified": "2024-11-21T02:21:34.303",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-24T15:59:03.213",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-10-26 17:55
Modified
2024-11-21 01:58
Severity ?
Summary
Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F793ED-6FDD-42F4-B87F-47A4D8D905A0",
              "versionEndIncluding": "1.1.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E25A1C90-15E9-4577-B25D-855D48C4F4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "18BC3056-6CF9-4C6A-9F03-C8812CA10AF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "02CE9326-279B-4CFE-8FBD-4450793D9C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7513F8AC-A847-412D-B657-9426E4C6C020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88CE920F-DBD6-4D01-87E1-26FA10101692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6F1E192-D0F2-476E-A7A9-AFB031687533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9DDE3F-26AE-41E0-9433-E5C018C699E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F9819E-798E-4DA6-A7E4-39A85B68A5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9001635-AA9C-4165-B021-2B296CF6DE1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D105753-A704-4BF4-BD7A-99985911B943",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet."
    },
    {
      "lang": "es",
      "value": "Buffer overflow en la funci\u00f3n ssl_read_record en ssl_tls.c de PolarSSL anterior a la versi\u00f3n 1.1.8, cuando se utiliza TLS 1.1, podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un paquete largo."
    }
  ],
  "id": "CVE-2013-5914",
  "lastModified": "2024-11-21T01:58:25.647",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-26T17:55:03.417",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2013/dsa-2782"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-07-22 14:55
Modified
2024-11-21 02:11
Severity ?
Summary
The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9400165F-7CA8-43B6-9C18-A9B68960C69D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "9E55CFB7-DD01-49EB-87CC-B7CC76B2B638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "AD884F2C-3E94-4815-A035-E1134E55991F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F27E26E-D912-462A-AE70-90AA058B9DDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEB54854-6DC9-44B9-A94A-671C17C1F0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "495BE6FC-806F-489E-85EF-5F6CF3E6B068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E56EC828-5984-4800-B366-3E3A2ED4A397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC0A5B11-E428-4B81-8125-4C26DC42733F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B085B300-6A08-4649-AB6A-167761D3138A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1F43435-B2E1-4CF5-A7B7-0FD50C905783",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "963DEE80-E81A-4559-BBF9-4A7970F59A6A",
              "versionEndIncluding": "1.2.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CF482DF-9F5C-45D6-AA5E-D9163A710AAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5152886-DFBB-415C-99E0-A7E645A5F86B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5BD989E-FC1D-44D2-9394-C36AD18325DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE349CDB-AE50-4043-86EF-1CED401AAEFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "48FAB18E-F1C9-46B2-985E-28AC2736DB3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C453569-3736-4FC3-87FE-8282A1572CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86CC3C2-C0D0-420A-97FA-1862B9CF2CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "67CE5D3D-FE2C-403E-9A90-43CB04A96CD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "229B9538-A16D-4572-B9CA-5FA2E4B56D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E3F98E8-E610-41BC-949A-09382B612D16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n ssl_decrypt_buf en library/ssl_tls.c en PolarSSL anterior a 1.2.11 y 1.3.x anterior a 1.3.8 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de vectores relacionados con los suites de cifrado GCM, tal y como fue demostrado al utilizar el juego de herramientas Codenomicon Defensics."
    }
  ],
  "id": "CVE-2014-4911",
  "lastModified": "2024-11-21T02:11:06.540",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-07-22T14:55:09.817",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/60215"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-2981"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60215"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}