VulnerableCode Package Details - pkg:deb/debian/polarssl@1.3.9-2.1%2Bdeb8u3

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3bwz-revc-aaab	In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.	CVE-2017-18187
VCID-gguc-enh4-aaag	Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.	CVE-2015-5291
VCID-kk1q-u5b2-aaae	ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.	CVE-2018-0488
VCID-krrf-1uy1-aaam	ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.	CVE-2018-0487
VCID-shm9-zmhf-aaam	Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges.	CVE-2015-8036

Vulnerability

Summary

Aliases

VCID-3bwz-revc-aaab

In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.

CVE-2017-18187

VCID-gguc-enh4-aaag

Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.

CVE-2015-5291

VCID-kk1q-u5b2-aaae

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.

CVE-2018-0488

VCID-krrf-1uy1-aaam

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.

CVE-2018-0487

VCID-shm9-zmhf-aaam

Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges.

CVE-2015-8036

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T10:10:20.653620+00:00	Debian Oval Importer	Fixing	VCID-shm9-zmhf-aaam	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T10:07:02.122811+00:00	Debian Oval Importer	Fixing	VCID-kk1q-u5b2-aaae	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T10:02:31.110340+00:00	Debian Oval Importer	Fixing	VCID-krrf-1uy1-aaam	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T10:00:59.687255+00:00	Debian Oval Importer	Fixing	VCID-gguc-enh4-aaag	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T09:46:49.383588+00:00	Debian Oval Importer	Fixing	VCID-3bwz-revc-aaab	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-20T19:40:57.095047+00:00	Debian Oval Importer	Fixing	VCID-3bwz-revc-aaab	None	36.1.3
2025-06-20T19:38:33.580404+00:00	Debian Oval Importer	Fixing	VCID-gguc-enh4-aaag	None	36.1.3
2025-06-08T03:59:25.508716+00:00	Debian Oval Importer	Fixing	VCID-shm9-zmhf-aaam	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:56:14.649303+00:00	Debian Oval Importer	Fixing	VCID-kk1q-u5b2-aaae	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:51:38.354254+00:00	Debian Oval Importer	Fixing	VCID-krrf-1uy1-aaam	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:50:04.983550+00:00	Debian Oval Importer	Fixing	VCID-gguc-enh4-aaag	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:35:32.383542+00:00	Debian Oval Importer	Fixing	VCID-3bwz-revc-aaab	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-07T13:34:27.420404+00:00	Debian Oval Importer	Fixing	VCID-3bwz-revc-aaab	None	36.1.0
2025-06-07T13:32:48.353090+00:00	Debian Oval Importer	Fixing	VCID-gguc-enh4-aaag	None	36.1.0
2025-04-08T02:27:35.761151+00:00	Debian Oval Importer	Fixing	VCID-shm9-zmhf-aaam	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T02:24:08.043767+00:00	Debian Oval Importer	Fixing	VCID-kk1q-u5b2-aaae	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T02:19:28.398535+00:00	Debian Oval Importer	Fixing	VCID-krrf-1uy1-aaam	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T02:17:54.755513+00:00	Debian Oval Importer	Fixing	VCID-gguc-enh4-aaag	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T02:03:08.060612+00:00	Debian Oval Importer	Fixing	VCID-3bwz-revc-aaab	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-07T12:09:53.706163+00:00	Debian Oval Importer	Fixing	VCID-3bwz-revc-aaab	None	36.0.0
2025-04-07T12:08:14.001983+00:00	Debian Oval Importer	Fixing	VCID-gguc-enh4-aaag	None	36.0.0