CVE-2014-8628

Published: 24/08/2015 Updated: 07/11/2023
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Memory leak in PolarSSL prior to 1.2.12 and 1.3.x prior to 1.3.9 allows remote malicious users to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue.

Vulnerable Product

polarssl polarssl 1.3.1

polarssl polarssl 1.3.4

polarssl polarssl 1.3.2

polarssl polarssl 1.3.6

polarssl polarssl 1.3.7

polarssl polarssl 1.3.3

polarssl polarssl 1.3.8

polarssl polarssl 1.3.5

polarssl polarssl

polarssl polarssl 1.3.0

Vendor Advisories

Debian Bug report logs - #801413 polarssl: CVE-2015-5291: Remote attack on clients using session tickets or SNI. Package: src:polarssl; Maintainer for src:polarssl is Roland Stigge <stigge@antcom.de>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 9 Oct 2015 20:03:01 UTC; Severity: grave; Tags: fixed- ...

It was discovered that a memory leak in parsing X.509 certificates may result in denial of service. For the stable distribution (wheezy), this problem has been fixed in version 1.2.9-1~deb7u4. For the upcoming stable distribution (jessie), this problem has been fixed in version 1.3.9-1. For the unstable distribution (sid), this problem has been fix ...