Summary
Detail | | | |
---|---|---|---|
Vendor | Polarssl | First view | 2014-07-22 |
Product | Polarssl | Last view | 2015-08-24 |
Version | 1.3.2 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:polarssl:polarssl | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
7.8 | 2015-08-24 | CVE-2014-9744 | Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions. |
7.8 | 2015-08-24 | CVE-2014-8628 | Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue. |
7.5 | 2015-01-27 | CVE-2015-1182 | The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate. |
5 | 2014-07-22 | CVE-2014-4911 | The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
66% (2) | CWE-399 | Resource Management Errors |
33% (1) | CWE-310 | Cryptographic Issues |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-01-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201801-15.nasl - Type: ACT_GATHER_INFO |
2015-03-26 | Name: The remote Debian host is missing a security update. File: debian_DLA-36.nasl - Type: ACT_GATHER_INFO |
2015-03-26 | Name: The remote Debian host is missing a security update. File: debian_DLA-144.nasl - Type: ACT_GATHER_INFO |
2015-03-26 | Name: The remote Debian host is missing a security update. File: debian_DLA-129.nasl - Type: ACT_GATHER_INFO |
2015-02-03 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-88.nasl - Type: ACT_GATHER_INFO |
2015-01-30 | Name: The remote Fedora host is missing a security update. File: fedora_2015-1045.nasl - Type: ACT_GATHER_INFO |
2015-01-30 | Name: The remote Fedora host is missing a security update. File: fedora_2015-0991.nasl - Type: ACT_GATHER_INFO |
2015-01-28 | Name: The remote SSL server is vulnerable to remote code execution. File: polarssl_cve-2015-1182.nasl - Type: ACT_DESTRUCTIVE_ATTACK |
2015-01-26 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3136.nasl - Type: ACT_GATHER_INFO |
2015-01-20 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_a5856ebaa01511e4a6801c6f65c3c4ff.nasl - Type: ACT_GATHER_INFO |
2015-01-02 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3116.nasl - Type: ACT_GATHER_INFO |
2014-11-24 | Name: The remote Fedora host is missing a security update. File: fedora_2014-14912.nasl - Type: ACT_GATHER_INFO |
2014-11-24 | Name: The remote Fedora host is missing a security update. File: fedora_2014-14898.nasl - Type: ACT_GATHER_INFO |
2014-11-20 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2014-689.nasl - Type: ACT_GATHER_INFO |
2014-07-22 | Name: The remote Fedora host is missing a security update. File: fedora_2014-8316.nasl - Type: ACT_GATHER_INFO |
2014-07-22 | Name: The remote Fedora host is missing a security update. File: fedora_2014-8310.nasl - Type: ACT_GATHER_INFO |
2014-07-20 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2981.nasl - Type: ACT_GATHER_INFO |