PolarSSL 1.2.15

CPE Details

PolarSSL 1.2.15
polarssl
polarssl
1.2.15
2019-06-18
16h30 +00:00
2019-06-18
16h30 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:polarssl:polarssl:1.2.15:*:*:*:*:*:*:*

Informations

Vendor

polarssl

Product

polarssl

Version

1.2.15

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2015-5291 2015-11-02 18h00 +00:00 Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.
6.8
CVE-2015-8036 2015-11-02 18h00 +00:00 Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges.
6.8
CVE-2014-9744 2015-08-24 15h00 +00:00 Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions.
7.8