CVE-2013-1621

Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169.

Published: Feb 8, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-1621
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
polarssl / polarssl	-	1.2.4.x
polarssl / polarssl	0.14.2	0.14.2.x
polarssl / polarssl	0.11.0	0.11.0.x
polarssl / polarssl	1.0.0	1.0.0.x
polarssl / polarssl	0.13.1	0.13.1.x
polarssl / polarssl	1.1.3	1.1.3.x
polarssl / polarssl	0.12.1	0.12.1.x
polarssl / polarssl	0.99-pre3	0.99-pre3.x
polarssl / polarssl	0.99-pre5	0.99-pre5.x
polarssl / polarssl	0.11.1	0.11.1.x
polarssl / polarssl	1.1.4	1.1.4.x
polarssl / polarssl	1.2.2	1.2.2.x
polarssl / polarssl	0.14.0	0.14.0.x
polarssl / polarssl	1.2.3	1.2.3.x
polarssl / polarssl	1.1.1	1.1.1.x
polarssl / polarssl	0.99-pre1	0.99-pre1.x
polarssl / polarssl	1.2.0	1.2.0.x
polarssl / polarssl	1.2.1	1.2.1.x
polarssl / polarssl	1.1.2	1.1.2.x
polarssl / polarssl	0.14.3	0.14.3.x
polarssl / polarssl	1.1.0-rc1	1.1.0-rc1.x
polarssl / polarssl	1.1.5	1.1.5.x
polarssl / polarssl	1.1.0-rc0	1.1.0-rc0.x
polarssl / polarssl	1.1.0	1.1.0.x
polarssl / polarssl	0.10.1	0.10.1.x
polarssl / polarssl	0.99-pre4	0.99-pre4.x
polarssl / polarssl	0.12.0	0.12.0.x
polarssl / polarssl	0.10.0	0.10.0.x

Vulnerability Database

289,697

CVE-2013-1621