CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions.
• http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html
• https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released
• CWE-399: Resource Management Errors

CVSS: 7.5 | EPSS: 4% | CPEs: 38 | EXPL: 0

The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148829.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148903.html
• http://lists.opensuse.org/opensuse-updates/2015-02/msg00003.html
• http://secunia.com/advisories/62270
• http://secunia.com/advisories/62610
• http://www.debian.org/security/2015/dsa-3136
• https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
• https://security.gentoo.org/glsa/201801-15

CVSS: 7.8 | EPSS: 0% | CPEs: 10 | EXPL: 0

Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue.
• http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html
• http://www.debian.org/security/2014/dsa-3116
• https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released
• https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released
• CWE-399: Resource Management Errors

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
• http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html
• http://secunia.com/advisories/61220
• https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released
• CWE-310: Cryptographic Issues