CVE-2014-8628
https://notcve.org/view.php?id=CVE-2014-8628
Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue. Vulnerabilidad de fuga de memoria en PolarSSL en versiones anteriores a 1.2.12 y 1.3.x en versiones anteriores a 1.3.9, permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una gran cantidad de certificados X.509 manipulados. NOTA: este identificador ha sido SEPARADO por ADT3 debido a las diferentes versiones afectadas. • http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html http://www.debian.org/security/2014/dsa-3116 https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released • CWE-399: Resource Management Errors •
CVE-2014-4911
https://notcve.org/view.php?id=CVE-2014-4911
The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit. La función ssl_decrypt_buf en library/ssl_tls.c en PolarSSL anterior a 1.2.11 y 1.3.x anterior a 1.3.8 permite a atacantes remotos causar una denegación de servicio (caída) a través de vectores relacionados con los suites de cifrado GCM, tal y como fue demostrado al utilizar el juego de herramientas Codenomicon Defensics. • http://secunia.com/advisories/60215 http://www.debian.org/security/2014/dsa-2981 https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02 • CWE-310: Cryptographic Issues •
CVE-2013-5914
https://notcve.org/view.php?id=CVE-2013-5914
Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet. Buffer overflow en la funcón ssl_read_record en ssl_tls.c de PolarSSL anterior a la versión 1.1.8, cuando se utiliza TLS 1.1, podría permitir a atacantes remotos ejecutar código arbitrario a través de un paquete largo. • http://www.debian.org/security/2013/dsa-2782 https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-2130
https://notcve.org/view.php?id=CVE-2012-2130
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys. Se presenta una vulnerabilidad de Omisión de Seguridad en PolarSSL versiones 0.99pre4 hasta 1.1.1, debido a un error de cifrado débil cuando se generan valores Diffie-Hellman y claves RSA. • http://security.gentoo.org/glsa/glsa-201310-10.xml http://www.securityfocus.com/bid/53610 https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-2130 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2130 https://exchange.xforce.ibmcloud.com/vulnerabilities/75726 https://security-tracker.debian.org/tracker/CVE-2012-2130 • CWE-326: Inadequate Encryption Strength •
CVE-2013-5915
https://notcve.org/view.php?id=CVE-2013-5915
The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys. La implementación RSA-CRT- en PolarSSL anterior a la versión 1.2.9 no realiza adecuadamente la multiplicación Montgomery, lo que podría permitir a atacantes llevar a cabo un ataque timing side-channel y conseguir las llaves privadas RSA. • http://lists.fedoraproject.org/pipermail/package-announce/2013-October/118758.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119014.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119018.html http://osvdb.org/98049 http://secunia.com/advisories/55084 http://www.debian.org/security/2013/dsa-2782 http://www.securityfocus.com/bid/62771 https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05 • CWE-310: Cryptographic Issues •