PT-2014-1775 · Polarssl · Polarssl

Publicado

2014-07-22

·

Atualizado

2015-12-04

·

CVE-2014-4911

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions PolarSSL versions prior to 1.2.11 PolarSSL versions 1.3.x prior to 1.3.8
Description The issue allows remote attackers to cause a denial of service, potentially disrupting the availability of protected information. This can be achieved through vectors related to the GCM ciphersuites. The Codenomicon Defensics toolkit has been used to demonstrate this issue.
Recommendations For PolarSSL versions prior to 1.2.11, update to version 1.2.11 or later. For PolarSSL versions 1.3.x prior to 1.3.8, update to version 1.3.8 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310

Identificadores relacionados

BDU:2015-02149
CVE-2014-4911
DLA-36-1
DSA-2981-1
MGASA-2014-0315

Produtos afetados

Polarssl