Summary
It was discovered that a memory leak
in parsing X.509 certificates may result in denial of service.
Solution
For the stable distribution (wheezy),
this problem has been fixed in version 1.2.9-1~deb7u4.
For the upcoming stable distribution (jessie), this problem has been fixed in version 1.3.9-1.
For the unstable distribution (sid), this problem has been fixed in version 1.3.9-1.
We recommend that you upgrade your polarssl packages.
Insight
PolarSSL is a fork of the abandonned
project XySSL. It is a lean crypto library providing SSL and TLS support in your programs.
Affected
polarssl on Debian Linux
Detection
This check tests the installed software
version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-8628 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities