Lucene search
MicrofocusCVE-2014-8628HistoryAug 24, 2015 - 3:59 p.m.
CVE-2014-8628
2015-08-2415:59:00
CWE-399
microfocus
web.nvd.nist.gov
38
cve-2014-8628
memory leak
polarssl
denial of service
dos
x.509 certificates
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
AI Score
6.4
Confidence
Low
EPSS
0.009
Percentile
83.2%
Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue.
Affected configurations
Node
polarsslpolarsslRange≤1.2.11
ORpolarsslpolarsslMatch1.3.0
ORpolarsslpolarsslMatch1.3.1
ORpolarsslpolarsslMatch1.3.2
ORpolarsslpolarsslMatch1.3.3
ORpolarsslpolarsslMatch1.3.4
ORpolarsslpolarsslMatch1.3.5
ORpolarsslpolarsslMatch1.3.6
ORpolarsslpolarsslMatch1.3.7
ORpolarsslpolarsslMatch1.3.8
| Vendor | Product | Version | CPE |
|---|---|---|---|
| polarssl | polarssl | * | cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:* |
| polarssl | polarssl | 1.3.0 | cpe:2.3:a:polarssl:polarssl:1.3.0:*:*:*:*:*:*:* |
| polarssl | polarssl | 1.3.1 | cpe:2.3:a:polarssl:polarssl:1.3.1:*:*:*:*:*:*:* |
| polarssl | polarssl | 1.3.2 | cpe:2.3:a:polarssl:polarssl:1.3.2:*:*:*:*:*:*:* |
| polarssl | polarssl | 1.3.3 | cpe:2.3:a:polarssl:polarssl:1.3.3:*:*:*:*:*:*:* |
| polarssl | polarssl | 1.3.4 | cpe:2.3:a:polarssl:polarssl:1.3.4:*:*:*:*:*:*:* |
| polarssl | polarssl | 1.3.5 | cpe:2.3:a:polarssl:polarssl:1.3.5:*:*:*:*:*:*:* |
| polarssl | polarssl | 1.3.6 | cpe:2.3:a:polarssl:polarssl:1.3.6:*:*:*:*:*:*:* |
| polarssl | polarssl | 1.3.7 | cpe:2.3:a:polarssl:polarssl:1.3.7:*:*:*:*:*:*:* |
| polarssl | polarssl | 1.3.8 | cpe:2.3:a:polarssl:polarssl:1.3.8:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2014-8628
2015-08-24 15:59:00
CVE-2014-9744
2015-08-24 15:59:03
ubuntucve
ubuntucve
CVE-2014-9744
2015-08-24 00:00:00
CVE-2014-8628
2015-08-24 00:00:00
prion
prion
Memory corruption
2015-08-24 15:59:00
Memory corruption
2015-08-24 15:59:00
cvelist
cvelist
CVE-2014-8628
2015-08-24 15:00:00
CVE-2014-9744
2015-08-24 15:00:00
cve
cve
CVE-2014-9744
2015-08-24 15:59:03
openvas
openvas
Debian: Security Advisory (DSA-3116-1)
2014-12-29 00:00:00
Debian Security Advisory DSA 3116-1 (polarssl - security update)
2014-12-30 00:00:00
Debian: Security Advisory (DLA-129-1)
2023-03-08 00:00:00
debian
debian
[SECURITY] [DLA 129-1] polarssl security update
2015-01-03 21:32:56
[SECURITY] [DSA 3116-1] polarssl security update
2014-12-30 01:19:54
securityvulns
securityvulns
[SECURITY] [DSA 3116-1] polarssl security update
2014-12-30 00:00:00
PolarSSL DoS
2014-12-30 00:00:00
nessus
nessus
Debian DLA-129-1 : polarssl security update
2015-03-26 00:00:00
Debian DSA-3116-1 : polarssl - security update
2015-01-02 00:00:00
Fedora 19 : polarssl-1.2.12-1.fc19 (2014-14912)
2014-11-24 00:00:00
mageia
mageia
Updated polarssl package fix security vulnerabilities
2014-11-22 13:54:50
Updated polarssl & hiawatha packages fix security vulnerabilities
2015-05-05 16:36:50
archlinux
archlinux
polarssl: multiple issues
2014-11-06 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: polarssl-1.2.12-3.fc20
2015-01-30 04:31:47
[SECURITY] Fedora 20 Update: polarssl-1.2.12-1.fc20
2014-11-22 12:45:21
[SECURITY] Fedora 19 Update: polarssl-1.2.12-1.fc19
2014-11-22 12:43:01
osv
osv
libmbedcrypto0-2.4.0-1.2 on GA media
2024-06-15 00:00:00
libmbedcrypto7-2.28.3-1.1 on GA media
2024-06-15 00:00:00
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
AI Score
6.4
Confidence
Low
EPSS
0.009
Percentile
83.2%
Related for CVE-2014-8628