Search Results (Refine Search)
- CPE Product Version: cpe:/a:polarssl:polarssl:0.99:pre3
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-5915 |
The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys. Published: October 04, 2013; 1:55:09 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-1621 |
Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169. Published: February 08, 2013; 2:55:01 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-0169 |
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. Published: February 08, 2013; 2:55:01 PM -0500 |
V3.x:(not available) V2.0: 2.6 LOW |