This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Polarssl
Product: Polarssl
Version: 1.3.2
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
First view: 2014-07-22
Last view: 2015-08-24
Type: Application
 
CPE Product cpe:2.3:a:polarssl:polarssl

Related : CVE

Score Date Alert Description
7.8 2015-08-24 CVE-2014-9744

Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions.

7.8 2015-08-24 CVE-2014-8628

Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue.

7.5 2015-01-27 CVE-2015-1182

The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.

5 2014-07-22 CVE-2014-4911

The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.

CWE : Common Weakness Enumeration

% id Name
66% (2) CWE-399 Resource Management Errors
33% (1) CWE-310 Cryptographic Issues

Nessus® Vulnerability Scanner

id Description
2018-01-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201801-15.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-36.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-144.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-129.nasl - Type: ACT_GATHER_INFO
2015-02-03 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-88.nasl - Type: ACT_GATHER_INFO
2015-01-30 Name: The remote Fedora host is missing a security update.
File: fedora_2015-1045.nasl - Type: ACT_GATHER_INFO
2015-01-30 Name: The remote Fedora host is missing a security update.
File: fedora_2015-0991.nasl - Type: ACT_GATHER_INFO
2015-01-28 Name: The remote SSL server is vulnerable to remote code execution.
File: polarssl_cve-2015-1182.nasl - Type: ACT_DESTRUCTIVE_ATTACK
2015-01-26 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3136.nasl - Type: ACT_GATHER_INFO
2015-01-20 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_a5856ebaa01511e4a6801c6f65c3c4ff.nasl - Type: ACT_GATHER_INFO
2015-01-02 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3116.nasl - Type: ACT_GATHER_INFO
2014-11-24 Name: The remote Fedora host is missing a security update.
File: fedora_2014-14912.nasl - Type: ACT_GATHER_INFO
2014-11-24 Name: The remote Fedora host is missing a security update.
File: fedora_2014-14898.nasl - Type: ACT_GATHER_INFO
2014-11-20 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-689.nasl - Type: ACT_GATHER_INFO
2014-07-22 Name: The remote Fedora host is missing a security update.
File: fedora_2014-8316.nasl - Type: ACT_GATHER_INFO
2014-07-22 Name: The remote Fedora host is missing a security update.
File: fedora_2014-8310.nasl - Type: ACT_GATHER_INFO
2014-07-20 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2981.nasl - Type: ACT_GATHER_INFO