Known Vulnerabilities for products from Polarssl
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Polarssl".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2015-8036 | Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL ser... | 6.8 - MEDIUM | 2015-11-02 | 2019-06-19 |
| CVE-2015-5291 | Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x bef... | 6.8 - MEDIUM | 2015-11-02 | 2019-06-19 |
| CVE-2015-1182 | The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not prop... | 7.5 - HIGH | 2015-01-27 | 2018-10-30 |
| CVE-2014-9744 | Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large nu... | 7.8 - HIGH | 2015-08-24 | 2018-10-30 |
| CVE-2014-8628 | Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory con... | 7.8 - HIGH | 2015-08-24 | 2023-11-07 |
| CVE-2014-8627 | PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade... | 5 - MEDIUM | 2014-11-24 | 2023-11-07 |
| CVE-2014-4911 | The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to... | 5 - MEDIUM | 2014-07-22 | 2015-12-04 |
| CVE-2013-5915 | The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow re... | 4.3 - MEDIUM | 2013-10-04 | 2013-10-31 |
| CVE-2013-5914 | Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote... | 6.8 - MEDIUM | 2013-10-26 | 2013-10-28 |
| CVE-2013-4623 | The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificat... | 4.3 - MEDIUM | 2013-09-30 | 2013-10-31 |
| CVE-2013-1621 | Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via ve... | 4.3 - MEDIUM | 2013-02-08 | 2013-03-08 |
| CVE-2013-0169 | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do... | 2.6 - LOW | 2013-02-08 | 2023-05-12 |
| CVE-2012-2130 | A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diff... | 7.4 - HIGH | 2019-12-06 | 2019-12-18 |
| CVE-2011-4574 | PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information... | 9.8 - CRITICAL | 2021-10-27 | 2021-10-28 |
| CVE-2011-1923 | The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public paramet... | 4 - MEDIUM | 2012-06-20 | 2013-10-24 |
Known software with vulnerabilities from Polarssl
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Polarssl | Polarssl | 0.10.0 |