Package details: pkg:deb/debian/polarssl@0.12.1-1squeeze1
purl pkg:deb/debian/polarssl@0.12.1-1squeeze1
Next non-vulnerable version 1.3.9-2.1+deb8u3
Latest non-vulnerable version 1.3.9-2.1+deb8u3
Risk 4.5
Vulnerabilities affecting this package (12)
Vulnerability Summary Fixed by
VCID-3bwz-revc-aaab
Aliases:
CVE-2017-18187
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
1.3.9-2.1+deb8u3
Affected by 0 other vulnerabilities.
VCID-3gg9-vwsk-aaab
Aliases:
CVE-2013-4623
The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate.
1.2.9-1~deb7u6
Affected by 7 other vulnerabilities.
VCID-69z9-bp37-aaap
Aliases:
CVE-2014-4911
The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.
1.2.9-1~deb7u6
Affected by 7 other vulnerabilities.
1.3.9-2.1
Affected by 5 other vulnerabilities.
VCID-8c1z-2ue1-aaaj
Aliases:
CVE-2013-0169
VC-OPENSSL-20130204-CVE-2013-0169
A weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS could lead to plaintext recovery by exploiting timing differences arising during MAC processing.
1.2.9-1~deb6u1
Affected by 11 other vulnerabilities.
VCID-a6ax-n7af-aaag
Aliases:
CVE-2015-1182
The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.
1.2.9-1~deb7u6
Affected by 7 other vulnerabilities.
VCID-dvnw-axh8-aaab
Aliases:
CVE-2013-5914
Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet.
1.2.9-1~deb7u6
Affected by 7 other vulnerabilities.
VCID-gguc-enh4-aaag
Aliases:
CVE-2015-5291
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.
1.2.9-1~deb7u6
Affected by 7 other vulnerabilities.
1.3.9-2.1+deb8u3
Affected by 0 other vulnerabilities.
VCID-kk1q-u5b2-aaae
Aliases:
CVE-2018-0488
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.
1.3.9-2.1+deb8u3
Affected by 0 other vulnerabilities.
VCID-krrf-1uy1-aaam
Aliases:
CVE-2018-0487
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.
1.3.9-2.1+deb8u3
Affected by 0 other vulnerabilities.
VCID-m3cu-eht1-aaae
Aliases:
CVE-2013-5915
The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys.
1.2.9-1~deb7u6
Affected by 7 other vulnerabilities.
VCID-n5ux-g6he-aaaf
Aliases:
CVE-2014-8628
Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue.
1.2.9-1~deb7u6
Affected by 7 other vulnerabilities.
1.3.9-2.1
Affected by 5 other vulnerabilities.
VCID-shm9-zmhf-aaam
Aliases:
CVE-2015-8036
Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges.
1.2.9-1~deb7u6
Affected by 7 other vulnerabilities.
1.3.9-2.1+deb8u3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T10:10:20.644162+00:00 Debian Oval Importer Affected by VCID-shm9-zmhf-aaam https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T10:07:02.110863+00:00 Debian Oval Importer Affected by VCID-kk1q-u5b2-aaae https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T10:02:31.099285+00:00 Debian Oval Importer Affected by VCID-krrf-1uy1-aaam https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T10:00:59.676985+00:00 Debian Oval Importer Affected by VCID-gguc-enh4-aaag https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T09:46:49.372185+00:00 Debian Oval Importer Affected by VCID-3bwz-revc-aaab https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T09:18:52.603999+00:00 Debian Oval Importer Affected by VCID-m3cu-eht1-aaae https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:07:50.005142+00:00 Debian Oval Importer Affected by VCID-gguc-enh4-aaag https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:07:05.653225+00:00 Debian Oval Importer Affected by VCID-n5ux-g6he-aaaf https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:03:28.346776+00:00 Debian Oval Importer Affected by VCID-shm9-zmhf-aaam https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:03:22.679990+00:00 Debian Oval Importer Affected by VCID-dvnw-axh8-aaab https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:01:16.971129+00:00 Debian Oval Importer Affected by VCID-69z9-bp37-aaap https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:00:46.746906+00:00 Debian Oval Importer Affected by VCID-3gg9-vwsk-aaab https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T08:58:20.017337+00:00 Debian Oval Importer Affected by VCID-a6ax-n7af-aaag https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-20T19:40:57.085699+00:00 Debian Oval Importer Affected by VCID-3bwz-revc-aaab None 36.1.3
2025-06-20T19:35:02.451115+00:00 Debian Oval Importer Affected by VCID-a6ax-n7af-aaag None 36.1.3
2025-06-20T19:31:22.309570+00:00 Debian Oval Importer Affected by VCID-69z9-bp37-aaap None 36.1.3
2025-06-20T19:31:16.840507+00:00 Debian Oval Importer Affected by VCID-gguc-enh4-aaag None 36.1.3
2025-06-20T19:27:22.805066+00:00 Debian Oval Importer Affected by VCID-3gg9-vwsk-aaab None 36.1.3
2025-06-20T19:21:54.790723+00:00 Debian Oval Importer Affected by VCID-8c1z-2ue1-aaaj None 36.1.3
2025-06-20T19:21:31.851240+00:00 Debian Oval Importer Affected by VCID-n5ux-g6he-aaaf None 36.1.3
2025-06-08T03:59:25.500962+00:00 Debian Oval Importer Affected by VCID-shm9-zmhf-aaam https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-08T03:56:14.640083+00:00 Debian Oval Importer Affected by VCID-kk1q-u5b2-aaae https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-08T03:51:38.346552+00:00 Debian Oval Importer Affected by VCID-krrf-1uy1-aaam https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-08T03:50:04.975719+00:00 Debian Oval Importer Affected by VCID-gguc-enh4-aaag https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-08T03:35:32.366607+00:00 Debian Oval Importer Affected by VCID-3bwz-revc-aaab https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-08T03:06:43.576739+00:00 Debian Oval Importer Affected by VCID-m3cu-eht1-aaae https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T02:55:03.318781+00:00 Debian Oval Importer Affected by VCID-gguc-enh4-aaag https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T02:54:19.392497+00:00 Debian Oval Importer Affected by VCID-n5ux-g6he-aaaf https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T02:50:28.649708+00:00 Debian Oval Importer Affected by VCID-shm9-zmhf-aaam https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T02:50:21.589496+00:00 Debian Oval Importer Affected by VCID-dvnw-axh8-aaab https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T02:48:09.478548+00:00 Debian Oval Importer Affected by VCID-69z9-bp37-aaap https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T02:47:38.832475+00:00 Debian Oval Importer Affected by VCID-3gg9-vwsk-aaab https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T02:45:01.229116+00:00 Debian Oval Importer Affected by VCID-a6ax-n7af-aaag https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-07T13:34:27.412659+00:00 Debian Oval Importer Affected by VCID-3bwz-revc-aaab None 36.1.0
2025-06-07T13:30:15.829693+00:00 Debian Oval Importer Affected by VCID-a6ax-n7af-aaag None 36.1.0
2025-06-07T13:28:08.990788+00:00 Debian Oval Importer Affected by VCID-69z9-bp37-aaap None 36.1.0
2025-06-07T13:28:03.209867+00:00 Debian Oval Importer Affected by VCID-gguc-enh4-aaag None 36.1.0
2025-06-07T13:25:07.852105+00:00 Debian Oval Importer Affected by VCID-3gg9-vwsk-aaab None 36.1.0
2025-06-07T13:21:29.622457+00:00 Debian Oval Importer Affected by VCID-8c1z-2ue1-aaaj None 36.1.0
2025-06-07T13:21:05.506178+00:00 Debian Oval Importer Affected by VCID-n5ux-g6he-aaaf None 36.1.0
2025-06-03T13:24:25.102705+00:00 Debian Oval Importer Affected by VCID-3gg9-vwsk-aaab None 36.1.2
2025-06-03T13:20:52.639622+00:00 Debian Oval Importer Affected by VCID-8c1z-2ue1-aaaj None 36.1.2
2025-06-03T13:20:29.919034+00:00 Debian Oval Importer Affected by VCID-n5ux-g6he-aaaf None 36.1.2
2025-04-08T02:27:35.733117+00:00 Debian Oval Importer Affected by VCID-shm9-zmhf-aaam https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-08T02:24:08.016179+00:00 Debian Oval Importer Affected by VCID-kk1q-u5b2-aaae https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-08T02:19:28.370735+00:00 Debian Oval Importer Affected by VCID-krrf-1uy1-aaam https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-08T02:17:54.730320+00:00 Debian Oval Importer Affected by VCID-gguc-enh4-aaag https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-08T02:03:08.035579+00:00 Debian Oval Importer Affected by VCID-3bwz-revc-aaab https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-08T01:33:56.176445+00:00 Debian Oval Importer Affected by VCID-m3cu-eht1-aaae https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:22:16.684747+00:00 Debian Oval Importer Affected by VCID-gguc-enh4-aaag https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:21:31.728817+00:00 Debian Oval Importer Affected by VCID-n5ux-g6he-aaaf https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:17:41.620952+00:00 Debian Oval Importer Affected by VCID-shm9-zmhf-aaam https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:17:35.779719+00:00 Debian Oval Importer Affected by VCID-dvnw-axh8-aaab https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:15:19.680784+00:00 Debian Oval Importer Affected by VCID-69z9-bp37-aaap https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:14:45.957786+00:00 Debian Oval Importer Affected by VCID-3gg9-vwsk-aaab https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:12:15.919782+00:00 Debian Oval Importer Affected by VCID-a6ax-n7af-aaag https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-07T12:09:53.679478+00:00 Debian Oval Importer Affected by VCID-3bwz-revc-aaab None 36.0.0
2025-04-07T12:05:42.767345+00:00 Debian Oval Importer Affected by VCID-a6ax-n7af-aaag None 36.0.0
2025-04-07T12:03:40.225872+00:00 Debian Oval Importer Affected by VCID-69z9-bp37-aaap None 36.0.0
2025-04-07T12:03:34.390180+00:00 Debian Oval Importer Affected by VCID-gguc-enh4-aaag None 36.0.0
2025-04-07T12:00:38.654043+00:00 Debian Oval Importer Affected by VCID-3gg9-vwsk-aaab None 36.0.0
2025-04-07T11:57:00.321647+00:00 Debian Oval Importer Affected by VCID-8c1z-2ue1-aaaj None 36.0.0
2025-04-07T11:56:36.601243+00:00 Debian Oval Importer Affected by VCID-n5ux-g6he-aaaf None 36.0.0