CVE-2014-4911

Published: 22/07/2014 Updated: 04/12/2015
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL prior to 1.2.11 and 1.3.x prior to 1.3.8 allows remote malicious users to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.

Vulnerable Product

polarssl polarssl 1.3.6

polarssl polarssl 1.3.4

polarssl polarssl 1.3.7

polarssl polarssl 1.3.2

polarssl polarssl 1.3.0

polarssl polarssl 1.3.5

polarssl polarssl 1.3.3

polarssl polarssl 1.3.1

polarssl polarssl 1.2.0

polarssl polarssl 1.2.7

polarssl polarssl 1.2.9

polarssl polarssl 1.2.1

polarssl polarssl 1.2.2

polarssl polarssl 1.2.3

polarssl polarssl 1.2.4

polarssl polarssl 1.2.5

polarssl polarssl

polarssl polarssl 1.2.6

polarssl polarssl 1.2.8

debian debian linux 8.0

debian debian linux 7.0

debian debian linux 6.0

Vendor Advisories

Debian Bug report logs - #754655 polarssl: CVE-2014-4911: Denial of Service against GCM enabled servers and clients Package: polarssl; Maintainer for polarssl is Roland Stigge <stigge@antcomde>; Reported by: Henri Salo <henri@nervfi> Date: Sun, 13 Jul 2014 07:57:02 UTC Severity: critical Tags: fixed-upstream, secur ...
Debian Bug report logs - #801413 polarssl: CVE-2015-5291: Remote attack on clients using session tickets or SNI Package: src:polarssl; Maintainer for src:polarssl is Roland Stigge <stigge@antcomde>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 9 Oct 2015 20:03:01 UTC Severity: grave Tags: fixed- ...