purl | pkg:deb/debian/polarssl@1.2.9-1~deb7u6 |
Next non-vulnerable version | 1.3.9-2.1+deb8u3 |
Latest non-vulnerable version | 1.3.9-2.1+deb8u3 |
Risk | 4.4 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-3bwz-revc-aaab (Aliases: CVE-2017-18187) | In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c. | Affected by 0 other vulnerabilities. |
VCID-69z9-bp37-aaap (Aliases: CVE-2014-4911) | The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit. | Affected by 5 other vulnerabilities. |
VCID-gguc-enh4-aaag (Aliases: CVE-2015-5291) | Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0. | Affected by 0 other vulnerabilities. |
VCID-kk1q-u5b2-aaae (Aliases: CVE-2018-0488) | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session. | Affected by 0 other vulnerabilities. |
VCID-krrf-1uy1-aaam (Aliases: CVE-2018-0487) | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session. | Affected by 0 other vulnerabilities. |
VCID-n5ux-g6he-aaaf (Aliases: CVE-2014-8628) | Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue. | Affected by 5 other vulnerabilities. |
VCID-shm9-zmhf-aaam (Aliases: CVE-2015-8036) | Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges. | Affected by 0 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
VCID-3gg9-vwsk-aaab | The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate. | CVE-2013-4623 |
VCID-69z9-bp37-aaap | The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit. | CVE-2014-4911 |
VCID-a6ax-n7af-aaag | The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate. | CVE-2015-1182 |
VCID-dvnw-axh8-aaab | Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet. | CVE-2013-5914 |
VCID-gguc-enh4-aaag | Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0. | CVE-2015-5291 |
VCID-m3cu-eht1-aaae | The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys. | CVE-2013-5915 |
VCID-n5ux-g6he-aaaf | Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue. | CVE-2014-8628 |
VCID-shm9-zmhf-aaam | Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges. | CVE-2015-8036 |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2025-06-21T10:10:20.649889+00:00 | Debian Oval Importer | Affected by | VCID-shm9-zmhf-aaam | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.3 |
2025-06-21T10:07:02.118034+00:00 | Debian Oval Importer | Affected by | VCID-kk1q-u5b2-aaae | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.3 |
2025-06-21T10:02:31.106056+00:00 | Debian Oval Importer | Affected by | VCID-krrf-1uy1-aaam | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.3 |
2025-06-21T10:00:59.683345+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.3 |
2025-06-21T09:46:49.379016+00:00 | Debian Oval Importer | Affected by | VCID-3bwz-revc-aaab | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.3 |
2025-06-21T09:18:52.611229+00:00 | Debian Oval Importer | Fixing | VCID-m3cu-eht1-aaae | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.3 |
2025-06-21T09:07:50.011887+00:00 | Debian Oval Importer | Fixing | VCID-gguc-enh4-aaag | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.3 |
2025-06-21T09:07:05.659296+00:00 | Debian Oval Importer | Fixing | VCID-n5ux-g6he-aaaf | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.3 |
2025-06-21T09:03:28.354323+00:00 | Debian Oval Importer | Fixing | VCID-shm9-zmhf-aaam | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.3 |
2025-06-21T09:03:22.686031+00:00 | Debian Oval Importer | Fixing | VCID-dvnw-axh8-aaab | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.3 |
2025-06-21T09:01:16.977466+00:00 | Debian Oval Importer | Fixing | VCID-69z9-bp37-aaap | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.3 |
2025-06-21T09:00:46.752588+00:00 | Debian Oval Importer | Fixing | VCID-3gg9-vwsk-aaab | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.3 |
2025-06-21T08:58:20.023674+00:00 | Debian Oval Importer | Fixing | VCID-a6ax-n7af-aaag | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.3 |
2025-06-20T19:46:31.212893+00:00 | Debian Oval Importer | Affected by | VCID-69z9-bp37-aaap | None | 36.1.3 |
2025-06-20T19:40:57.091610+00:00 | Debian Oval Importer | Affected by | VCID-3bwz-revc-aaab | None | 36.1.3 |
2025-06-20T19:39:33.898311+00:00 | Debian Oval Importer | Affected by | VCID-n5ux-g6he-aaaf | None | 36.1.3 |
2025-06-20T19:38:33.575661+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | None | 36.1.3 |
2025-06-20T19:35:02.456454+00:00 | Debian Oval Importer | Fixing | VCID-a6ax-n7af-aaag | None | 36.1.3 |
2025-06-20T19:31:22.315437+00:00 | Debian Oval Importer | Fixing | VCID-69z9-bp37-aaap | None | 36.1.3 |
2025-06-20T19:31:16.846201+00:00 | Debian Oval Importer | Fixing | VCID-gguc-enh4-aaag | None | 36.1.3 |
2025-06-20T19:27:22.810989+00:00 | Debian Oval Importer | Fixing | VCID-3gg9-vwsk-aaab | None | 36.1.3 |
2025-06-20T19:21:31.859777+00:00 | Debian Oval Importer | Fixing | VCID-n5ux-g6he-aaaf | None | 36.1.3 |
2025-06-08T03:59:25.505686+00:00 | Debian Oval Importer | Affected by | VCID-shm9-zmhf-aaam | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.0 |
2025-06-08T03:56:14.645663+00:00 | Debian Oval Importer | Affected by | VCID-kk1q-u5b2-aaae | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.0 |
2025-06-08T03:51:38.351253+00:00 | Debian Oval Importer | Affected by | VCID-krrf-1uy1-aaam | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.0 |
2025-06-08T03:50:04.980494+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.0 |
2025-06-08T03:35:32.371458+00:00 | Debian Oval Importer | Affected by | VCID-3bwz-revc-aaab | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.0 |
2025-06-08T03:06:43.581604+00:00 | Debian Oval Importer | Fixing | VCID-m3cu-eht1-aaae | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.0 |
2025-06-08T02:55:03.324547+00:00 | Debian Oval Importer | Fixing | VCID-gguc-enh4-aaag | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.0 |
2025-06-08T02:54:19.398463+00:00 | Debian Oval Importer | Fixing | VCID-n5ux-g6he-aaaf | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.0 |
2025-06-08T02:50:28.655855+00:00 | Debian Oval Importer | Fixing | VCID-shm9-zmhf-aaam | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.0 |
2025-06-08T02:50:21.594569+00:00 | Debian Oval Importer | Fixing | VCID-dvnw-axh8-aaab | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.0 |
2025-06-08T02:48:09.484053+00:00 | Debian Oval Importer | Fixing | VCID-69z9-bp37-aaap | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.0 |
2025-06-08T02:47:38.837353+00:00 | Debian Oval Importer | Fixing | VCID-3gg9-vwsk-aaab | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.0 |
2025-06-08T02:45:01.237174+00:00 | Debian Oval Importer | Fixing | VCID-a6ax-n7af-aaag | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.0 |
2025-06-07T13:38:37.207820+00:00 | Debian Oval Importer | Affected by | VCID-69z9-bp37-aaap | None | 36.1.0 |
2025-06-07T13:34:27.417335+00:00 | Debian Oval Importer | Affected by | VCID-3bwz-revc-aaab | None | 36.1.0 |
2025-06-07T13:33:48.152823+00:00 | Debian Oval Importer | Affected by | VCID-n5ux-g6he-aaaf | None | 36.1.0 |
2025-06-07T13:32:48.349943+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | None | 36.1.0 |
2025-06-07T13:30:15.835436+00:00 | Debian Oval Importer | Fixing | VCID-a6ax-n7af-aaag | None | 36.1.0 |
2025-06-07T13:28:08.995906+00:00 | Debian Oval Importer | Fixing | VCID-69z9-bp37-aaap | None | 36.1.0 |
2025-06-07T13:28:03.214649+00:00 | Debian Oval Importer | Fixing | VCID-gguc-enh4-aaag | None | 36.1.0 |
2025-06-07T13:25:07.857133+00:00 | Debian Oval Importer | Fixing | VCID-3gg9-vwsk-aaab | None | 36.1.0 |
2025-06-07T13:21:05.511618+00:00 | Debian Oval Importer | Fixing | VCID-n5ux-g6he-aaaf | None | 36.1.0 |
2025-06-03T13:24:25.108878+00:00 | Debian Oval Importer | Fixing | VCID-3gg9-vwsk-aaab | None | 36.1.2 |
2025-06-03T13:20:29.924062+00:00 | Debian Oval Importer | Fixing | VCID-n5ux-g6he-aaaf | None | 36.1.2 |
2025-04-08T02:27:35.749658+00:00 | Debian Oval Importer | Affected by | VCID-shm9-zmhf-aaam | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.0.0 |
2025-04-08T02:24:08.032939+00:00 | Debian Oval Importer | Affected by | VCID-kk1q-u5b2-aaae | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.0.0 |
2025-04-08T02:19:28.387446+00:00 | Debian Oval Importer | Affected by | VCID-krrf-1uy1-aaam | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.0.0 |
2025-04-08T02:17:54.745561+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.0.0 |
2025-04-08T02:03:08.050600+00:00 | Debian Oval Importer | Affected by | VCID-3bwz-revc-aaab | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.0.0 |
2025-04-08T01:33:56.193954+00:00 | Debian Oval Importer | Fixing | VCID-m3cu-eht1-aaae | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.0.0 |
2025-04-08T01:22:16.699756+00:00 | Debian Oval Importer | Fixing | VCID-gguc-enh4-aaag | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.0.0 |
2025-04-08T01:21:31.743814+00:00 | Debian Oval Importer | Fixing | VCID-n5ux-g6he-aaaf | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.0.0 |
2025-04-08T01:17:41.637364+00:00 | Debian Oval Importer | Fixing | VCID-shm9-zmhf-aaam | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.0.0 |
2025-04-08T01:17:35.796253+00:00 | Debian Oval Importer | Fixing | VCID-dvnw-axh8-aaab | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.0.0 |
2025-04-08T01:15:19.696080+00:00 | Debian Oval Importer | Fixing | VCID-69z9-bp37-aaap | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.0.0 |
2025-04-08T01:14:45.974237+00:00 | Debian Oval Importer | Fixing | VCID-3gg9-vwsk-aaab | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.0.0 |
2025-04-08T01:12:15.935636+00:00 | Debian Oval Importer | Fixing | VCID-a6ax-n7af-aaag | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.0.0 |
2025-04-07T12:14:00.559543+00:00 | Debian Oval Importer | Affected by | VCID-69z9-bp37-aaap | None | 36.0.0 |
2025-04-07T12:09:53.695551+00:00 | Debian Oval Importer | Affected by | VCID-3bwz-revc-aaab | None | 36.0.0 |
2025-04-07T12:09:14.452779+00:00 | Debian Oval Importer | Affected by | VCID-n5ux-g6he-aaaf | None | 36.0.0 |
2025-04-07T12:08:13.988037+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | None | 36.0.0 |
2025-04-07T12:05:42.783471+00:00 | Debian Oval Importer | Fixing | VCID-a6ax-n7af-aaag | None | 36.0.0 |
2025-04-07T12:03:40.242022+00:00 | Debian Oval Importer | Fixing | VCID-69z9-bp37-aaap | None | 36.0.0 |
2025-04-07T12:03:34.406341+00:00 | Debian Oval Importer | Fixing | VCID-gguc-enh4-aaag | None | 36.0.0 |
2025-04-07T12:00:38.670082+00:00 | Debian Oval Importer | Fixing | VCID-3gg9-vwsk-aaab | None | 36.0.0 |
2025-04-07T11:56:36.620421+00:00 | Debian Oval Importer | Fixing | VCID-n5ux-g6he-aaaf | None | 36.0.0 |