CVE-2013-1621

Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
polarsslpolarssl
𝑥
≤ 1.2.4
polarsslpolarssl
0.10.0
polarsslpolarssl
0.10.1
polarsslpolarssl
0.11.0
polarsslpolarssl
0.11.1
polarsslpolarssl
0.12.0
polarsslpolarssl
0.12.1
polarsslpolarssl
0.13.1
polarsslpolarssl
0.14.0
polarsslpolarssl
0.14.2
polarsslpolarssl
0.14.3
polarsslpolarssl
0.99:pre1
polarsslpolarssl
0.99:pre3
polarsslpolarssl
0.99:pre4
polarsslpolarssl
0.99:pre5
polarsslpolarssl
1.0.0
polarsslpolarssl
1.1.0
polarsslpolarssl
1.1.0:rc0
polarsslpolarssl
1.1.0:rc1
polarsslpolarssl
1.1.1
polarsslpolarssl
1.1.2
polarsslpolarssl
1.1.3
polarsslpolarssl
1.1.4
polarsslpolarssl
1.1.5
polarsslpolarssl
1.2.0
polarsslpolarssl
1.2.1
polarsslpolarssl
1.2.2
polarsslpolarssl
1.2.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mbedtls
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
dne
trusty
dne
precise
dne
polarssl
zesty
dne
yakkety
dne
xenial
dne
wily
not-affected
vivid
ignored
utopic
ignored
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
oneiric
ignored
lucid
Fixed 0.12.1-1squeeze1build0.10.04.1
released
hardy
dne
Common Weakness Enumeration
References
http://openwall.com/lists/oss-security/2013/02/05/24
http://www.debian.org/security/2013/dsa-2622
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released
http://openwall.com/lists/oss-security/2013/02/05/24
http://www.debian.org/security/2013/dsa-2622
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released