
CVSS: 7.5 • EPSS: 0% • CPEs: 17 • EXPL: 1

30 Sep 2013 — The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115922.html • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 0% • CPEs: 28 • EXPL: 0

08 Feb 2013 — Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169. • http://openwall.com/lists/oss-security/2013/02/05/24 • CWE-20: Improper Input Validation

CVSS: 5.9 • EPSS: 1% • CPEs: 72 • EXPL: 1

08 Feb 2013 — The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. • https://github.com/wearohat/lucky13 • CWE-310: Cryptographic Issues