CVE-2013-4623

Name of the Vulnerable Software and Affected Versions PolarSSL versions 1.1.x through 1.1.6 PolarSSL versions 1.2.x through 1.2.7 PolarSSL versions prior to 1.3.0

Description The issue allows remote attackers to cause a denial of service, resulting in infinite loop and CPU consumption, by sending a certificate message that contains a PEM encoded certificate during the SSL/TLS handshake. This is due to the improper parsing of certificate messages by the x509parse crt function in x509.h. The vulnerability can be exploited remotely, potentially leading to disruption of protected information.

Recommendations For PolarSSL versions 1.1.x through 1.1.6, update to version 1.1.7 or later. For PolarSSL versions 1.2.x through 1.2.7, update to version 1.2.8 or later. For PolarSSL versions prior to 1.3.0, update to version 1.3.0 or later.