PT-2013-1214 · Openssl · Polarssl

Published

2013-02-08

Updated

2013-10-17

CVE-2013-1621

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions PolarSSL versions prior to 1.3.0 PolarSSL versions prior to 1.2.5

Description The issue is related to an array index error in the SSL module of PolarSSL, which might allow remote attackers to cause a denial of service. This can be achieved through vectors involving a crafted padding-length value during validation of CBC padding in a TLS session. Multiple vulnerabilities in the PolarSSL package can lead to disruption of protected information availability, and exploitation can be done remotely.

Recommendations For PolarSSL versions prior to 1.2.5, update to version 1.2.5 or later. For PolarSSL versions prior to 1.3.0, update to version 1.3.0 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-310

Related Identifiers

BDU:2015-09702

CVE-2013-1621

DSA-2622-1

MGASA-2013-0290

Affected Products

Polarssl

PT-2013-1214 · Openssl · Polarssl

CVE-2013-1621

Weakness Enumeration

Related Identifiers

Affected Products

References · 21