Search for packages
| purl | pkg:deb/debian/polarssl@1.3.9-2.1 |
| Next non-vulnerable version | 1.3.9-2.1+deb8u3 |
| Latest non-vulnerable version | 1.3.9-2.1+deb8u3 |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3bwz-revc-aaab
Aliases: CVE-2017-18187 |
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c. |
Affected by 0 other vulnerabilities. |
|
VCID-gguc-enh4-aaag
Aliases: CVE-2015-5291 |
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0. |
Affected by 0 other vulnerabilities. |
|
VCID-kk1q-u5b2-aaae
Aliases: CVE-2018-0488 |
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session. |
Affected by 0 other vulnerabilities. |
|
VCID-krrf-1uy1-aaam
Aliases: CVE-2018-0487 |
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session. |
Affected by 0 other vulnerabilities. |
|
VCID-shm9-zmhf-aaam
Aliases: CVE-2015-8036 |
Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-69z9-bp37-aaap | The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit. |
CVE-2014-4911
|
| VCID-n5ux-g6he-aaaf | Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue. |
CVE-2014-8628
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T10:10:20.651739+00:00 | Debian Oval Importer | Affected by | VCID-shm9-zmhf-aaam | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.3 |
| 2025-06-21T10:07:02.120385+00:00 | Debian Oval Importer | Affected by | VCID-kk1q-u5b2-aaae | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.3 |
| 2025-06-21T10:02:31.108189+00:00 | Debian Oval Importer | Affected by | VCID-krrf-1uy1-aaam | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.3 |
| 2025-06-21T10:00:59.685313+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.3 |
| 2025-06-21T09:46:49.381289+00:00 | Debian Oval Importer | Affected by | VCID-3bwz-revc-aaab | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.3 |
| 2025-06-20T19:46:31.215086+00:00 | Debian Oval Importer | Fixing | VCID-69z9-bp37-aaap | None | 36.1.3 |
| 2025-06-20T19:40:57.093341+00:00 | Debian Oval Importer | Affected by | VCID-3bwz-revc-aaab | None | 36.1.3 |
| 2025-06-20T19:39:33.900211+00:00 | Debian Oval Importer | Fixing | VCID-n5ux-g6he-aaaf | None | 36.1.3 |
| 2025-06-20T19:38:33.577890+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | None | 36.1.3 |
| 2025-06-08T03:59:25.507157+00:00 | Debian Oval Importer | Affected by | VCID-shm9-zmhf-aaam | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.0 |
| 2025-06-08T03:56:14.647481+00:00 | Debian Oval Importer | Affected by | VCID-kk1q-u5b2-aaae | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.0 |
| 2025-06-08T03:51:38.352774+00:00 | Debian Oval Importer | Affected by | VCID-krrf-1uy1-aaam | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.0 |
| 2025-06-08T03:50:04.982019+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.0 |
| 2025-06-08T03:35:32.381465+00:00 | Debian Oval Importer | Affected by | VCID-3bwz-revc-aaab | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.0 |
| 2025-06-07T13:38:37.209591+00:00 | Debian Oval Importer | Fixing | VCID-69z9-bp37-aaap | None | 36.1.0 |
| 2025-06-07T13:34:27.418868+00:00 | Debian Oval Importer | Affected by | VCID-3bwz-revc-aaab | None | 36.1.0 |
| 2025-06-07T13:33:48.154733+00:00 | Debian Oval Importer | Fixing | VCID-n5ux-g6he-aaaf | None | 36.1.0 |
| 2025-06-07T13:32:48.351554+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | None | 36.1.0 |
| 2025-04-08T02:27:35.755333+00:00 | Debian Oval Importer | Affected by | VCID-shm9-zmhf-aaam | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.0.0 |
| 2025-04-08T02:24:08.038224+00:00 | Debian Oval Importer | Affected by | VCID-kk1q-u5b2-aaae | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.0.0 |
| 2025-04-08T02:19:28.392814+00:00 | Debian Oval Importer | Affected by | VCID-krrf-1uy1-aaam | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.0.0 |
| 2025-04-08T02:17:54.750459+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.0.0 |
| 2025-04-08T02:03:08.055552+00:00 | Debian Oval Importer | Affected by | VCID-3bwz-revc-aaab | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.0.0 |
| 2025-04-07T12:14:00.564919+00:00 | Debian Oval Importer | Fixing | VCID-69z9-bp37-aaap | None | 36.0.0 |
| 2025-04-07T12:09:53.700869+00:00 | Debian Oval Importer | Affected by | VCID-3bwz-revc-aaab | None | 36.0.0 |
| 2025-04-07T12:09:14.458142+00:00 | Debian Oval Importer | Fixing | VCID-n5ux-g6he-aaaf | None | 36.0.0 |
| 2025-04-07T12:08:13.995037+00:00 | Debian Oval Importer | Affected by | VCID-gguc-enh4-aaag | None | 36.0.0 |