CVE-2013-1621
PolarSSL < 1.2.5 - Denial of Service via CBC Padding Validation
Title source: llmDescription
Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169.
References (4)
Core 4
Core References
Various Sources x_refsource_misc
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2622
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2013/02/05/24
Patch, Vendor Advisory x_refsource_confirm
https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released
Scores
EPSS
0.0207
EPSS Percentile
79.2%
Details
CWE
CWE-20
Status
published
Products (23)
polarssl/polarssl
0.10.0
polarssl/polarssl
0.10.1
polarssl/polarssl
0.11.0
polarssl/polarssl
0.11.1
polarssl/polarssl
0.12.0
polarssl/polarssl
0.12.1
polarssl/polarssl
0.13.1
polarssl/polarssl
0.14.0
polarssl/polarssl
0.14.2
polarssl/polarssl
0.14.3
... and 13 more
Published
Feb 08, 2013
Tracked Since
Feb 18, 2026