CVE-2013-4623

Description
The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and
1.2.x before 1.2.8 does not properly parse certificate messages during the
SSL/TLS handshake, which allows remote attackers to cause a denial of
service (infinite loop and CPU consumption) via a certificate message that
contains a PEM encoded certificate.
Package
Upstream: released (1.2.8-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (1.2.8-2)
Package
Upstream: released (1.2.8-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected [1.2.8-2])
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Patches:
Upstream: https://github.com/polarssl/polarssl/commit/1922a4e6aade7b1d685af19d4d9339ddb5c02859

Updated: 2019-12-05 21:05:50 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)