CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
92.3%
The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0
through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a
pointer in the asn1_sequence linked list, which allows remote attackers to
cause a denial of service (crash) or possibly execute arbitrary code via a
crafted ASN.1 sequence in a certificate.