CVE-2013-1621

PolarSSL < 1.2.5 - Denial of Service via CBC Padding Validation

Title source: llm
STIX 2.1

Description

Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169.

References (4)

Core 4
Core References
Various Sources x_refsource_misc
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2622
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2013/02/05/24
Patch, Vendor Advisory x_refsource_confirm
https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released

Scores

EPSS 0.0207
EPSS Percentile 79.2%

Details

CWE
CWE-20
Status published
Products (23)
polarssl/polarssl 0.10.0
polarssl/polarssl 0.10.1
polarssl/polarssl 0.11.0
polarssl/polarssl 0.11.1
polarssl/polarssl 0.12.0
polarssl/polarssl 0.12.1
polarssl/polarssl 0.13.1
polarssl/polarssl 0.14.0
polarssl/polarssl 0.14.2
polarssl/polarssl 0.14.3
... and 13 more
Published Feb 08, 2013
Tracked Since Feb 18, 2026