CVE-2013-4623

Published: 30/09/2013 Updated: 31/10/2013
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The x509parse_crt function in x509.h in PolarSSL 1.1.x prior to 1.1.7 and 1.2.x prior to 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote malicious users to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate.

Vulnerable Products

polarssl polarssl 1.1.0
polarssl polarssl 1.1.1
polarssl polarssl 1.1.2
polarssl polarssl 1.1.3
polarssl polarssl 1.1.4
polarssl polarssl 1.1.5
polarssl polarssl 1.1.6
polarssl polarssl 1.2.0
polarssl polarssl 1.2.1
polarssl polarssl 1.2.2
polarssl polarssl 1.2.3
polarssl polarssl 1.2.4
polarssl polarssl 1.2.5
polarssl polarssl 1.2.6
polarssl polarssl 1.2.7

Vendor Advisories

Multiple security issues have been discovered in PolarSSL, a lightweight crypto and SSL/TLS library: CVE-2013-4623 Jack Lloyd discovered a denial of service vulnerability in the parsing of PEM-encoded certificates. CVE-2013-5914 Paul Brodeur and TrustInSoft discovered a buffer overflow in the ssl_read_record() function, allowing th ...

Debian Bug report logs - #719954 polarssl: CVE-2013-4623: Denial of Service through Certificate message during handshake. Package: polarssl; Maintainer for polarssl is Roland Stigge <stigge@antcom.de>; Reported by: Henri Salo <henri@nerv.fi>; Date: Sat, 17 Aug 2013 07:42:01 UTC; Severity: important; Tags: fixed-upstream, ...

Debian Bug report logs - #704946 polarssl: CVE-2009-3555. Package: polarssl; Maintainer for polarssl is Roland Stigge <stigge@antcom.de>; Reported by: Michael Gilbert <mgilbert@debian.org>; Date: Mon, 8 Apr 2013 02:39:02 UTC; Severity: important; Tags: security; Fixed in version polarssl/1.3.1-1; Done: Roland Stigge ...

Debian Bug report logs - #725359 polarssl: CVE-2013-5914 CVE-2013-5915. Package: polarssl; Maintainer for polarssl is Roland Stigge <stigge@antcom.de>; Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Fri, 4 Oct 2013 14:15:10 UTC; Severity: grave; Tags: pending, security; Found in version 1.2.8-2; Fixed in version ...