Paul Bakker

1 exploit Active since Sep 2013
CVE-2013-4623 WRITEUP WRITEUP
PolarSSL 1.1.x < 1.1.7 and 1.2.x < 1.2.8 - Denial of Service via PEM Encoded Certificate
The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate.