Description
Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2782
Scores
EPSS
0.0300
EPSS Percentile
85.8%
Details
CWE
CWE-119
Status
published
Products (9)
polarssl/polarssl
1.0.0
polarssl/polarssl
1.1.0 (3 CPE variants)
polarssl/polarssl
1.1.1
polarssl/polarssl
1.1.2
polarssl/polarssl
1.1.3
polarssl/polarssl
1.1.4
polarssl/polarssl
1.1.5
polarssl/polarssl
1.1.6
polarssl/polarssl
< 1.1.7
Published
Oct 26, 2013
Tracked Since
Feb 18, 2026