QwikSec

Security Database

CVE

CWE

Training

CVE-2013-4623

Published: Sep 30, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

FEDORA-2013-16258

vendor-advisory

x_refsource_FEDORA

https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-03

x_refsource_CONFIRM

FEDORA-2013-16317

vendor-advisory

x_refsource_FEDORA

https://bugzilla.redhat.com/show_bug.cgi?id=997767

x_refsource_CONFIRM

FEDORA-2013-16356

vendor-advisory

x_refsource_FEDORA

https://github.com/polarssl/polarssl/commit/1922a4e6aade7b1d685af19d4d9339ddb5c02859

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.