Lucene search
MitreCVE-2014-4911HistoryJul 22, 2014 - 2:55 p.m.
CVE-2014-4911
2014-07-2214:55:09
CWE-310
mitre
web.nvd.nist.gov
40
polarssl
denial of service
cve-2014-4911
gcm ciphersuites
ssl_decrypt_buf
security vulnerability
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
6.3
Confidence
Low
EPSS
0.004
Percentile
74.9%
The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.
Affected configurations
Node
polarsslpolarsslMatch1.3.0
ORpolarsslpolarsslMatch1.3.0alpha1
ORpolarsslpolarsslMatch1.3.0rc0
ORpolarsslpolarsslMatch1.3.1
ORpolarsslpolarsslMatch1.3.2
ORpolarsslpolarsslMatch1.3.3
ORpolarsslpolarsslMatch1.3.4
ORpolarsslpolarsslMatch1.3.5
ORpolarsslpolarsslMatch1.3.6
ORpolarsslpolarsslMatch1.3.7
Node
polarsslpolarsslRange≤1.2.10
ORpolarsslpolarsslMatch1.2.0
ORpolarsslpolarsslMatch1.2.1
ORpolarsslpolarsslMatch1.2.2
ORpolarsslpolarsslMatch1.2.3
ORpolarsslpolarsslMatch1.2.4
ORpolarsslpolarsslMatch1.2.5
ORpolarsslpolarsslMatch1.2.6
ORpolarsslpolarsslMatch1.2.7
ORpolarsslpolarsslMatch1.2.8
ORpolarsslpolarsslMatch1.2.9
Node
debiandebian_linuxMatch6.0
ORdebiandebian_linuxMatch7.0
ORdebiandebian_linuxMatch8.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| polarssl | polarssl | 1.3.0 | cpe:2.3:a:polarssl:polarssl:1.3.0:*:*:*:*:*:*:* |
| polarssl | polarssl | 1.3.0 | cpe:2.3:a:polarssl:polarssl:1.3.0:alpha1:*:*:*:*:*:* |
| polarssl | polarssl | 1.3.0 | cpe:2.3:a:polarssl:polarssl:1.3.0:rc0:*:*:*:*:*:* |
| polarssl | polarssl | 1.3.1 | cpe:2.3:a:polarssl:polarssl:1.3.1:*:*:*:*:*:*:* |
| polarssl | polarssl | 1.3.2 | cpe:2.3:a:polarssl:polarssl:1.3.2:*:*:*:*:*:*:* |
| polarssl | polarssl | 1.3.3 | cpe:2.3:a:polarssl:polarssl:1.3.3:*:*:*:*:*:*:* |
| polarssl | polarssl | 1.3.4 | cpe:2.3:a:polarssl:polarssl:1.3.4:*:*:*:*:*:*:* |
| polarssl | polarssl | 1.3.5 | cpe:2.3:a:polarssl:polarssl:1.3.5:*:*:*:*:*:*:* |
| polarssl | polarssl | 1.3.6 | cpe:2.3:a:polarssl:polarssl:1.3.6:*:*:*:*:*:*:* |
| polarssl | polarssl | 1.3.7 | cpe:2.3:a:polarssl:polarssl:1.3.7:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2014-07-22 14:55:00
securityvulns
securityvulns
PolarSSL DoS
2014-07-22 00:00:00
[SECURITY] [DSA 2981-1] polarssl security update
2014-07-22 00:00:00
debian
debian
[SECURITY] [DSA 2981-1] polarssl security update
2014-07-18 15:26:02
[DLA 36-1] polarssl security update
2014-08-11 17:31:44
[SECURITY] [DSA 2981-1] polarssl security update
2014-07-18 15:26:02
openvas
openvas
Debian: Security Advisory (DLA-36-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-2981-1)
2014-07-17 00:00:00
Debian Security Advisory DSA 2981-1 (polarssl - security update)
2014-07-18 00:00:00
osv
osv
polarssl - security update
2014-08-11 00:00:00
cvelist
cvelist
CVE-2014-4911
2014-07-22 14:00:00
ubuntucve
ubuntucve
CVE-2014-4911
2014-07-22 00:00:00
nessus
nessus
Fedora 19 : polarssl-1.2.11-1.fc19 (2014-8310)
2014-07-22 00:00:00
Fedora 20 : polarssl-1.2.11-1.fc20 (2014-8316)
2014-07-22 00:00:00
Debian DSA-2981-1 : polarssl - security update
2014-07-20 00:00:00
nvd
nvd
CVE-2014-4911
2014-07-22 14:55:09
mageia
mageia
Updated polarssl packages fix security vulnerability
2014-08-06 00:08:48
Updated polarssl & hiawatha packages fix security vulnerabilities
2015-05-05 16:36:50
fedora
fedora
[SECURITY] Fedora 19 Update: polarssl-1.2.11-1.fc19
2014-07-22 03:29:38
[SECURITY] Fedora 20 Update: polarssl-1.2.11-1.fc20
2014-07-22 03:29:26
[SECURITY] Fedora 20 Update: polarssl-1.2.12-3.fc20
2015-01-30 04:31:47
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
6.3
Confidence
Low
EPSS
0.004
Percentile
74.9%
Related for CVE-2014-4911