CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-9744
https://notcve.org/view.php?id=CVE-2014-9744
24 Aug 2015 — Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions. Vulnerabilidad de fuga de memoria en PolarSSL en versiones anteriores a 1.3.9, permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una gran cantidad de mensajes CLientHello. NOTA: este identificador ha sido SEPARADO de... • http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 5%CPEs: 38EXPL: 0CVE-2015-1182 – Gentoo Linux Security Advisory 201801-15
https://notcve.org/view.php?id=CVE-2015-1182
27 Jan 2015 — The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate. La función asn1_get_sequence_of en library/asn1parse.c en PolarSSL 1.0 hasta 1.2.12 y 1.3.x hasta 1.3.9 no inicializa correctamente un puntero en la lista vinculada asn1_sequence... • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148829.html •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-8628 – Debian Security Advisory 3116-1
https://notcve.org/view.php?id=CVE-2014-8628
31 Dec 2014 — Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue. Vulnerabilidad de fuga de memoria en PolarSSL en versiones anteriores a 1.2.12 y 1.3.x en versiones anteriores a 1.3.9, permite a atacantes remotos causar una denegación de servicio (consumo d... • http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html • CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8627
https://notcve.org/view.php?id=CVE-2014-8627
24 Nov 2014 — PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors. PolarSSL 1.3.8 no negocia debidamente el algoritmo de la firma que utilizar, lo que permite a atacantes remotos realizar ataques de degradación a través de vectores no especificados. • http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html • CWE-310: Cryptographic Issues •