HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2014-8628

CVSS 7.8v2.0pub. 2015-08-24upd. 2026-05-06

Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue.

CVSS Vector
AV:N/AC:L/Au:N/C:N/I:N/A:C
  • Polarssl

    APP
    Polarssl
    1.3.01.3.11.3.21.3.31.3.41.3.51.3.61.3.71.3.8≤ 1.2.11
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2011-4574CRITICAL9.8ten sam produkt

PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses tim...

CVE-2012-2130HIGH7.4ten sam produkt

A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when ...

CVE-2014-9744HIGH7.8ten sam produkt

Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption)...

CVE-2015-1182HIGH7.5ten sam produkt

The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3....

CVE-2015-5291MEDIUM6.8ten sam produkt

Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3...