CVE-2013-5914

PolarSSL < 1.1.8 - Buffer Overflow via Long TLS 1.1 Packet

Title source: llm
STIX 2.1

Description

Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet.

References (2)

Core 2
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2782

Scores

EPSS 0.0300
EPSS Percentile 85.8%

Details

CWE
CWE-119
Status published
Products (9)
polarssl/polarssl 1.0.0
polarssl/polarssl 1.1.0 (3 CPE variants)
polarssl/polarssl 1.1.1
polarssl/polarssl 1.1.2
polarssl/polarssl 1.1.3
polarssl/polarssl 1.1.4
polarssl/polarssl 1.1.5
polarssl/polarssl 1.1.6
polarssl/polarssl < 1.1.7
Published Oct 26, 2013
Tracked Since Feb 18, 2026