Search for packages
| purl | pkg:deb/ubuntu/polarssl@1.1.4-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2jnv-7ctk-aaaf
Aliases: CVE-2012-2130 |
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys. |
Affected by 0 other vulnerabilities. |
|
VCID-3gg9-vwsk-aaab
Aliases: CVE-2013-4623 |
The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate. |
Affected by 3 other vulnerabilities. |
|
VCID-dvnw-axh8-aaab
Aliases: CVE-2013-5914 |
Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet. |
Affected by 3 other vulnerabilities. |
|
VCID-m3cu-eht1-aaae
Aliases: CVE-2013-5915 |
The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys. |
Affected by 0 other vulnerabilities. |
|
VCID-xjeb-8cha-aaac
Aliases: CVE-2013-1621 |
Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|