Computer Security
[EN] securityvulns.ru no-pyccku


PolarSSL multiple security vulnerabilities
Published:28.10.2013
Source:
SecurityVulns ID:13381
Type:remote
Threat Level:
5/10
Description:DoS, buffer overflows, timing attacks.
Affected:POLARSSL : PolarSSL 1.2
CVE:CVE-2013-5915 (The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys.)
 CVE-2013-5914 (Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet.)
 CVE-2013-4623 (The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2782-1] polarssl security update (28.10.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod