[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-1182Date: (C)2015-01-28   (M)2023-12-22


The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-62270
SECUNIA-62610
DSA-3136
FEDORA-2015-0991
FEDORA-2015-1045
GLSA-201801-15
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
openSUSE-SU-2015:0186

CPE    35
cpe:/a:polarssl:polarssl:1.2.11
cpe:/a:polarssl:polarssl:1.2.10
cpe:/a:polarssl:polarssl:1.1.0:rc1
cpe:/a:polarssl:polarssl:1.1.0:rc0
...
OVAL    3
oval:org.secpod.oval:def:601927
oval:org.secpod.oval:def:108358
oval:org.secpod.oval:def:108355

© SecPod Technologies