Candidate: CVE-2013-4623
PublicDate: 2013-09-30 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4623
 https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-03
Description:
 The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and
 1.2.x before 1.2.8 does not properly parse certificate messages during the
 SSL/TLS handshake, which allows remote attackers to cause a denial of
 service (infinite loop and CPU consumption) via a certificate message that
 contains a PEM encoded certificate.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719954
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_polarssl:
 upstream: https://github.com/polarssl/polarssl/commit/1922a4e6aade7b1d685af19d4d9339ddb5c02859
upstream_polarssl: released (1.2.8-1)
lucid_polarssl: ignored (reached end-of-life)
precise_polarssl: ignored (reached end-of-life)
precise/esm_polarssl: DNE (precise was needed)
quantal_polarssl: ignored (reached end-of-life)
raring_polarssl: ignored (reached end-of-life)
saucy_polarssl: not-affected (1.2.8-2)
trusty_polarssl: not-affected (1.2.8-2)
trusty/esm_polarssl: DNE (trusty was not-affected [1.2.8-2])
utopic_polarssl: not-affected (1.2.8-2)
vivid_polarssl: not-affected (1.2.8-2)
vivid/stable-phone-overlay_polarssl: DNE
vivid/ubuntu-core_polarssl: DNE
wily_polarssl: not-affected (1.2.8-2)
xenial_polarssl: DNE
yakkety_polarssl: DNE
zesty_polarssl: DNE
devel_polarssl: DNE

Patches_mbedtls:
upstream_mbedtls: released (1.2.8-1)
precise_mbedtls: DNE
precise/esm_mbedtls: DNE
trusty_mbedtls: DNE
trusty/esm_mbedtls: DNE
vivid/stable-phone-overlay_mbedtls: DNE
vivid/ubuntu-core_mbedtls: DNE
wily_mbedtls: DNE
xenial_mbedtls: not-affected (1.2.8-2)
yakkety_mbedtls: not-affected (1.2.8-2)
zesty_mbedtls: not-affected (1.2.8-2)
devel_mbedtls: not-affected (1.2.8-2)