Description
Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions.
References (2)
Core 2
Core References
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html
Patch, Vendor Advisory x_refsource_confirm
https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released
Scores
EPSS
0.0049
EPSS Percentile
65.9%
Details
CWE
CWE-399
Status
published
Products (2)
opensuse/opensuse
13.2
polarssl/polarssl
< 1.3.8
Published
Aug 24, 2015
Tracked Since
Feb 18, 2026