Search Results
- CPE Product Version: cpe:/a:polarssl:polarssl:1.2.16
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-8036 | Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges. Published: November 02, 2015; 2:59:16 PM -0500 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2015-5291 | Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0. Published: November 02, 2015; 2:59:05 PM -0500 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2014-9744 | Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions. Published: August 24, 2015; 11:59:03 AM -0400 | V3.x: (not available) V2.0: 7.8 HIGH |