The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polarssl | polarssl | 0.11.1 |
| polarssl | polarssl | 0.12.1 |
| polarssl | polarssl | * |
| polarssl | polarssl | 0.11.0 |
| polarssl | polarssl | 0.12.0 |
| polarssl | polarssl | 0.10.1 |
| polarssl | polarssl | 0.13.1 |
| polarssl | polarssl | 0.10.0 |
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
CVSS 2.0
Severity: LOW
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polarssl | polarssl | 0.14.0 |
| polarssl | polarssl | 0.99 |
| polarssl | polarssl | 1.1.2 |
| polarssl | polarssl | 0.14.3 |
| polarssl | polarssl | 1.1.1 |
| polarssl | polarssl | 1.1.3 |
| oracle | openjdk | 1.7.0 |
| polarssl | polarssl | 1.1.4 |
| openssl | openssl | * |
| polarssl | polarssl | 0.11.1 |
| polarssl | polarssl | 0.12.1 |
| polarssl | polarssl | 1.0.0 |
| oracle | openjdk | 1.6.0 |
| polarssl | polarssl | 0.11.0 |
| polarssl | polarssl | 0.12.0 |
| polarssl | polarssl | 0.10.1 |
| polarssl | polarssl | 0.13.1 |
| polarssl | polarssl | 0.14.2 |
| polarssl | polarssl | 1.1.0 |
| polarssl | polarssl | 0.10.0 |
Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polarssl | polarssl | 0.14.0 |
| polarssl | polarssl | 0.99 |
| polarssl | polarssl | 1.1.2 |
| polarssl | polarssl | 1.2.0 |
| polarssl | polarssl | 0.14.3 |
| polarssl | polarssl | 1.1.1 |
| polarssl | polarssl | 1.1.3 |
| polarssl | polarssl | 1.1.5 |
| polarssl | polarssl | 1.1.4 |
| polarssl | polarssl | 0.11.1 |
| polarssl | polarssl | 0.12.1 |
| polarssl | polarssl | * |
| polarssl | polarssl | 1.2.1 |
| polarssl | polarssl | 1.0.0 |
| polarssl | polarssl | 1.2.3 |
| polarssl | polarssl | 0.11.0 |
| polarssl | polarssl | 0.12.0 |
| polarssl | polarssl | 0.10.1 |
| polarssl | polarssl | 0.13.1 |
| polarssl | polarssl | 0.14.2 |
| polarssl | polarssl | 1.1.0 |
| polarssl | polarssl | 1.2.2 |
| polarssl | polarssl | 0.10.0 |
The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polarssl | polarssl | 1.1.2 |
| polarssl | polarssl | 1.2.0 |
| polarssl | polarssl | 1.1.1 |
| polarssl | polarssl | 1.1.3 |
| polarssl | polarssl | 1.2.7 |
| polarssl | polarssl | 1.1.5 |
| polarssl | polarssl | 1.1.6 |
| polarssl | polarssl | 1.1.4 |
| polarssl | polarssl | 1.2.1 |
| polarssl | polarssl | 1.2.4 |
| polarssl | polarssl | 1.2.5 |
| polarssl | polarssl | 1.2.3 |
| polarssl | polarssl | 1.2.6 |
| polarssl | polarssl | 1.1.0 |
| polarssl | polarssl | 1.2.2 |
Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polarssl | polarssl | 1.1.4 |
| polarssl | polarssl | 1.1.2 |
| polarssl | polarssl | * |
| polarssl | polarssl | 1.0.0 |
| polarssl | polarssl | 1.1.1 |
| polarssl | polarssl | 1.1.3 |
| polarssl | polarssl | 1.1.5 |
| polarssl | polarssl | 1.1.0 |
| polarssl | polarssl | 1.1.6 |
The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polarssl | polarssl | 0.14.0 |
| polarssl | polarssl | 0.99 |
| polarssl | polarssl | 1.1.2 |
| polarssl | polarssl | 1.2.0 |
| polarssl | polarssl | 1.1.4 |
| polarssl | polarssl | 1.2.3 |
| polarssl | polarssl | 0.12.0 |
| polarssl | polarssl | 0.10.1 |
| polarssl | polarssl | 1.2.6 |
| polarssl | polarssl | 0.14.2 |
| polarssl | polarssl | 1.1.0 |
| polarssl | polarssl | 0.10.0 |
| polarssl | polarssl | 1.1.8 |
| polarssl | polarssl | 0.14.3 |
| polarssl | polarssl | 1.1.1 |
| polarssl | polarssl | 1.1.3 |
| polarssl | polarssl | 1.2.7 |
| polarssl | polarssl | 1.1.5 |
| polarssl | polarssl | 1.1.6 |
| polarssl | polarssl | 0.11.1 |
| polarssl | polarssl | 0.12.1 |
| polarssl | polarssl | * |
| polarssl | polarssl | 1.2.1 |
| polarssl | polarssl | 1.2.4 |
| polarssl | polarssl | 1.2.5 |
| polarssl | polarssl | 1.0.0 |
| polarssl | polarssl | 0.11.0 |
| polarssl | polarssl | 0.13.1 |
| polarssl | polarssl | 1.2.2 |
The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polarssl | polarssl | 1.2.0 |
| polarssl | polarssl | 1.3.4 |
| debian | debian_linux | 6.0 |
| polarssl | polarssl | 1.2.7 |
| polarssl | polarssl | 1.3.2 |
| polarssl | polarssl | * |
| polarssl | polarssl | 1.2.1 |
| polarssl | polarssl | 1.2.4 |
| polarssl | polarssl | 1.2.5 |
| polarssl | polarssl | 1.2.8 |
| polarssl | polarssl | 1.3.0 |
| polarssl | polarssl | 1.2.3 |
| polarssl | polarssl | 1.3.3 |
| debian | debian_linux | 7.0 |
| polarssl | polarssl | 1.3.5 |
| polarssl | polarssl | 1.2.9 |
| polarssl | polarssl | 1.2.6 |
| debian | debian_linux | 8.0 |
| polarssl | polarssl | 1.2.2 |
| polarssl | polarssl | 1.3.1 |
| polarssl | polarssl | 1.3.6 |
| polarssl | polarssl | 1.3.7 |
PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polarssl | polarssl | 1.3.8 |
Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| polarssl | polarssl | 1.3.2 |
| polarssl | polarssl | 1.3.8 |
| polarssl | polarssl | * |
| polarssl | polarssl | 1.3.0 |
| polarssl | polarssl | 1.3.4 |
| polarssl | polarssl | 1.3.3 |
| polarssl | polarssl | 1.3.5 |
| polarssl | polarssl | 1.3.1 |
| polarssl | polarssl | 1.3.6 |
| polarssl | polarssl | 1.3.7 |
Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| polarssl | polarssl | * |
The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| polarssl | polarssl | 1.1.2 |
| polarssl | polarssl | 1.2.0 |
| polarssl | polarssl | 1.3.4 |
| polarssl | polarssl | 1.2.12 |
| polarssl | polarssl | 1.3.8 |
| polarssl | polarssl | 1.1.4 |
| polarssl | polarssl | 1.2.8 |
| polarssl | polarssl | 1.3.0 |
| polarssl | polarssl | 1.2.3 |
| polarssl | polarssl | 1.2.6 |
| polarssl | polarssl | 1.1.0 |
| polarssl | polarssl | 1.3.1 |
| polarssl | polarssl | 1.3.9 |
| polarssl | polarssl | 1.3.7 |
| polarssl | polarssl | 1.2.11 |
| polarssl | polarssl | 1.1.7 |
| polarssl | polarssl | 1.1.8 |
| polarssl | polarssl | 1.2.10 |
| polarssl | polarssl | 1.1.1 |
| polarssl | polarssl | 1.1.3 |
| polarssl | polarssl | 1.2.7 |
| polarssl | polarssl | 1.1.5 |
| polarssl | polarssl | 1.1.6 |
| polarssl | polarssl | 1.3.2 |
| polarssl | polarssl | 1.2.1 |
| polarssl | polarssl | 1.2.4 |
| polarssl | polarssl | 1.2.5 |
| polarssl | polarssl | 1.0.0 |
| polarssl | polarssl | 1.3.3 |
| polarssl | polarssl | 1.3.5 |
| polarssl | polarssl | 1.2.9 |
| polarssl | polarssl | 1.2.2 |
| polarssl | polarssl | 1.3.6 |
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 22 |
| opensuse | opensuse | 13.2 |
| polarssl | polarssl | * |
| fedoraproject | fedora | 21 |
| arm | mbed_tls | * |
| debian | debian_linux | 7.0 |
| opensuse | leap | 42.1 |
| debian | debian_linux | 8.0 |
| fedoraproject | fedora | 23 |
Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| polarssl | polarssl | * |
| fedoraproject | fedora | 21 |
| arm | mbed_tls | * |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |