DSA-2782-1 polarssl -- severalID: oval:org.secpod.oval:def:601131 | Date: (C)2013-10-21 (M)2022-10-10 |
Class: PATCH | Family: unix |
Multiple security issues have been discovered in PolarSSL, a lightweight crypto and SSL/TLS library: CVE-2013-4623 Jack Lloyd discovered a denial of service vulnerability in the parsing of PEM-encoded certificates. CVE-2013-5914 Paul Brodeur and TrustInSoft discovered a buffer overflow in the ssl_read_record function, allowing the potential execution of arbitrary code. CVE-2013-5915 Cyril Arnaud and Pierre-Alain Fouque discovered timimg attacks against the RSA implementation.
Product: |
libpolarssl-dev |
libpolarssl-runtime |