Search for packages
| purl | pkg:deb/debian/polarssl@1.2.9-1~deb6u5 |
| Next non-vulnerable version | 1.3.9-2.1+deb8u3 |
| Latest non-vulnerable version | 1.3.9-2.1+deb8u3 |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3bwz-revc-aaab
Aliases: CVE-2017-18187 |
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c. |
Affected by 0 other vulnerabilities. |
|
VCID-3gg9-vwsk-aaab
Aliases: CVE-2013-4623 |
The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate. |
Affected by 7 other vulnerabilities. |
|
VCID-69z9-bp37-aaap
Aliases: CVE-2014-4911 |
The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit. |
Affected by 7 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-a6ax-n7af-aaag
Aliases: CVE-2015-1182 |
The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate. |
Affected by 7 other vulnerabilities. |
|
VCID-dvnw-axh8-aaab
Aliases: CVE-2013-5914 |
Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet. |
Affected by 7 other vulnerabilities. |
|
VCID-gguc-enh4-aaag
Aliases: CVE-2015-5291 |
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0. |
Affected by 7 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-kk1q-u5b2-aaae
Aliases: CVE-2018-0488 |
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session. |
Affected by 0 other vulnerabilities. |
|
VCID-krrf-1uy1-aaam
Aliases: CVE-2018-0487 |
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session. |
Affected by 0 other vulnerabilities. |
|
VCID-m3cu-eht1-aaae
Aliases: CVE-2013-5915 |
The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys. |
Affected by 7 other vulnerabilities. |
|
VCID-n5ux-g6he-aaaf
Aliases: CVE-2014-8628 |
Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue. |
Affected by 7 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-shm9-zmhf-aaam
Aliases: CVE-2015-8036 |
Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges. |
Affected by 7 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T10:10:20.648061+00:00 | Debian Oval Importer | Affected by | VCID-shm9-zmhf-aaam | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.3 |
| 2025-06-21T10:07:02.115658+00:00 | Debian Oval Importer | Affected by | VCID-kk1q-u5b2-aaae | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.3 |
| 2025-06-21T10:02:31.103917+00:00 | Debian Oval Importer | Affected by | VCID-krrf-1uy1-aaam | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.3 |
| 2025-06-21T10:00:59.681275+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.3 |
| 2025-06-21T09:46:49.376737+00:00 | Debian Oval Importer | Affected by | VCID-3bwz-revc-aaab | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.3 |
| 2025-06-21T09:18:52.608731+00:00 | Debian Oval Importer | Affected by | VCID-m3cu-eht1-aaae | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.3 |
| 2025-06-21T09:07:50.009616+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.3 |
| 2025-06-21T09:07:05.657349+00:00 | Debian Oval Importer | Affected by | VCID-n5ux-g6he-aaaf | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.3 |
| 2025-06-21T09:03:28.352011+00:00 | Debian Oval Importer | Affected by | VCID-shm9-zmhf-aaam | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.3 |
| 2025-06-21T09:03:22.684121+00:00 | Debian Oval Importer | Affected by | VCID-dvnw-axh8-aaab | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.3 |
| 2025-06-21T09:01:16.975265+00:00 | Debian Oval Importer | Affected by | VCID-69z9-bp37-aaap | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.3 |
| 2025-06-21T09:00:46.750702+00:00 | Debian Oval Importer | Affected by | VCID-3gg9-vwsk-aaab | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.3 |
| 2025-06-21T08:58:20.021508+00:00 | Debian Oval Importer | Affected by | VCID-a6ax-n7af-aaag | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.3 |
| 2025-06-20T19:40:57.089845+00:00 | Debian Oval Importer | Affected by | VCID-3bwz-revc-aaab | None | 36.1.3 |
| 2025-06-20T19:35:02.454735+00:00 | Debian Oval Importer | Affected by | VCID-a6ax-n7af-aaag | None | 36.1.3 |
| 2025-06-20T19:31:22.313544+00:00 | Debian Oval Importer | Affected by | VCID-69z9-bp37-aaap | None | 36.1.3 |
| 2025-06-20T19:31:16.844554+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | None | 36.1.3 |
| 2025-06-20T19:27:22.808972+00:00 | Debian Oval Importer | Affected by | VCID-3gg9-vwsk-aaab | None | 36.1.3 |
| 2025-06-20T19:21:31.856365+00:00 | Debian Oval Importer | Affected by | VCID-n5ux-g6he-aaaf | None | 36.1.3 |
| 2025-06-08T03:59:25.504153+00:00 | Debian Oval Importer | Affected by | VCID-shm9-zmhf-aaam | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.0 |
| 2025-06-08T03:56:14.643833+00:00 | Debian Oval Importer | Affected by | VCID-kk1q-u5b2-aaae | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.0 |
| 2025-06-08T03:51:38.349736+00:00 | Debian Oval Importer | Affected by | VCID-krrf-1uy1-aaam | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.0 |
| 2025-06-08T03:50:04.978981+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.0 |
| 2025-06-08T03:35:32.369928+00:00 | Debian Oval Importer | Affected by | VCID-3bwz-revc-aaab | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.0 |
| 2025-06-08T03:06:43.579854+00:00 | Debian Oval Importer | Affected by | VCID-m3cu-eht1-aaae | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.0 |
| 2025-06-08T02:55:03.322873+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.0 |
| 2025-06-08T02:54:19.396619+00:00 | Debian Oval Importer | Affected by | VCID-n5ux-g6he-aaaf | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.0 |
| 2025-06-08T02:50:28.653648+00:00 | Debian Oval Importer | Affected by | VCID-shm9-zmhf-aaam | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.0 |
| 2025-06-08T02:50:21.592787+00:00 | Debian Oval Importer | Affected by | VCID-dvnw-axh8-aaab | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.0 |
| 2025-06-08T02:48:09.481840+00:00 | Debian Oval Importer | Affected by | VCID-69z9-bp37-aaap | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.0 |
| 2025-06-08T02:47:38.835746+00:00 | Debian Oval Importer | Affected by | VCID-3gg9-vwsk-aaab | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.0 |
| 2025-06-08T02:45:01.234850+00:00 | Debian Oval Importer | Affected by | VCID-a6ax-n7af-aaag | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.1.0 |
| 2025-06-07T13:34:27.415839+00:00 | Debian Oval Importer | Affected by | VCID-3bwz-revc-aaab | None | 36.1.0 |
| 2025-06-07T13:30:15.833827+00:00 | Debian Oval Importer | Affected by | VCID-a6ax-n7af-aaag | None | 36.1.0 |
| 2025-06-07T13:28:08.994312+00:00 | Debian Oval Importer | Affected by | VCID-69z9-bp37-aaap | None | 36.1.0 |
| 2025-06-07T13:28:03.213097+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | None | 36.1.0 |
| 2025-06-07T13:25:07.855542+00:00 | Debian Oval Importer | Affected by | VCID-3gg9-vwsk-aaab | None | 36.1.0 |
| 2025-06-07T13:21:05.509829+00:00 | Debian Oval Importer | Affected by | VCID-n5ux-g6he-aaaf | None | 36.1.0 |
| 2025-06-03T13:24:25.107074+00:00 | Debian Oval Importer | Affected by | VCID-3gg9-vwsk-aaab | None | 36.1.2 |
| 2025-06-03T13:20:29.922534+00:00 | Debian Oval Importer | Affected by | VCID-n5ux-g6he-aaaf | None | 36.1.2 |
| 2025-04-08T02:27:35.743736+00:00 | Debian Oval Importer | Affected by | VCID-shm9-zmhf-aaam | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.0.0 |
| 2025-04-08T02:24:08.027283+00:00 | Debian Oval Importer | Affected by | VCID-kk1q-u5b2-aaae | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.0.0 |
| 2025-04-08T02:19:28.381896+00:00 | Debian Oval Importer | Affected by | VCID-krrf-1uy1-aaam | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.0.0 |
| 2025-04-08T02:17:54.740444+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.0.0 |
| 2025-04-08T02:03:08.045658+00:00 | Debian Oval Importer | Affected by | VCID-3bwz-revc-aaab | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.0.0 |
| 2025-04-08T01:33:56.188148+00:00 | Debian Oval Importer | Affected by | VCID-m3cu-eht1-aaae | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.0.0 |
| 2025-04-08T01:22:16.694899+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.0.0 |
| 2025-04-08T01:21:31.738826+00:00 | Debian Oval Importer | Affected by | VCID-n5ux-g6he-aaaf | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.0.0 |
| 2025-04-08T01:17:41.631848+00:00 | Debian Oval Importer | Affected by | VCID-shm9-zmhf-aaam | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.0.0 |
| 2025-04-08T01:17:35.790723+00:00 | Debian Oval Importer | Affected by | VCID-dvnw-axh8-aaab | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.0.0 |
| 2025-04-08T01:15:19.691126+00:00 | Debian Oval Importer | Affected by | VCID-69z9-bp37-aaap | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.0.0 |
| 2025-04-08T01:14:45.968834+00:00 | Debian Oval Importer | Affected by | VCID-3gg9-vwsk-aaab | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.0.0 |
| 2025-04-08T01:12:15.930323+00:00 | Debian Oval Importer | Affected by | VCID-a6ax-n7af-aaag | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 36.0.0 |
| 2025-04-07T12:09:53.690221+00:00 | Debian Oval Importer | Affected by | VCID-3bwz-revc-aaab | None | 36.0.0 |
| 2025-04-07T12:05:42.778078+00:00 | Debian Oval Importer | Affected by | VCID-a6ax-n7af-aaag | None | 36.0.0 |
| 2025-04-07T12:03:40.236614+00:00 | Debian Oval Importer | Affected by | VCID-69z9-bp37-aaap | None | 36.0.0 |
| 2025-04-07T12:03:34.400984+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | None | 36.0.0 |
| 2025-04-07T12:00:38.664805+00:00 | Debian Oval Importer | Affected by | VCID-3gg9-vwsk-aaab | None | 36.0.0 |
| 2025-04-07T11:56:36.614044+00:00 | Debian Oval Importer | Affected by | VCID-n5ux-g6he-aaaf | None | 36.0.0 |