CVSS: 7.5EPSS: 6%CPEs: 17EXPL: 1CVE-2013-4623 – Gentoo Linux Security Advisory 201310-10
https://notcve.org/view.php?id=CVE-2013-4623
30 Sep 2013 — The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate. La función x509parse_crt en x509.h de PolarSSL 1.1.x (anteriores a 1.1.7) y 1.2.x (anteriores a 1.2.8) no procesa apropiadamente los mensajes de certificado durante un handshake SSL/TL... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115922.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2013-1621 – Gentoo Linux Security Advisory 201310-10
https://notcve.org/view.php?id=CVE-2013-1621
08 Feb 2013 — Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169. Errores en en el índice del array en el módulo SSL en PolarSSL anterior a v1.2.5 podría permitir a atacantes remotos provocar una denegación de servicio a través de vectores relacionados con un valor de longitud de "padding" especialmente dise... • http://openwall.com/lists/oss-security/2013/02/05/24 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 72EXPL: 0CVE-2013-0169 – SSL/TLS: CBC padding timing attack (lucky-13)
https://notcve.org/view.php?id=CVE-2013-0169
08 Feb 2013 — The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. El protocolo TLS v1.1 y v1.2 y el protocolo DTLS v1.0 y v1.2, tal como se... • http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released • CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2011-1923 – Gentoo Linux Security Advisory 201310-10
https://notcve.org/view.php?id=CVE-2011-1923
20 Jun 2012 — The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095. La implementación de intercambio de claves Diffie-Hellman en dhm.c en PolarSSL antes de v0.14.2, no valida correctamente un parámetro público, lo que hace que sea más facil a atacantes man-in-the-middle el obtener la clave compartida... • http://polarssl.org/trac/wiki/SecurityAdvisory201101 • CWE-310: Cryptographic Issues •