PolarSSL 1.3.1

CPE Details

PolarSSL 1.3.1
polarssl
polarssl
1.3.1
2013-10-28
14h44 +00:00
2013-10-28
14h45 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:polarssl:polarssl:1.3.1:*:*:*:*:*:*:*

Informations

Vendor

polarssl

Product

polarssl

Version

1.3.1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2014-9744 2015-08-24 15h00 +00:00 Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions.
7.8
CVE-2014-8628 2015-08-24 13h00 +00:00 Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue.
7.8
CVE-2015-1182 2015-01-27 14h00 +00:00 The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.
7.5
CVE-2014-4911 2014-07-22 12h00 +00:00 The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.
5