FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 72bf9e21-03df-11e3-bd8d-080027ef73ec
Description: polarssl -- denial of service vulnerability

Paul Bakker reports:

A bug in the logic of the parsing of PEM encoded certificates in x509parse_crt() can result in an infinite loop, thus hogging processing power.

While parsing a Certificate message during the SSL/TLS handshake, PolarSSL extracts the presented certificates and sends them on to be parsed. As the RFC specifies that the certificates in the Certificate message are always X.509 certificates in DER format, bugs in the decoding of PEM certificates should normally not be triggerable via the SSL/TLS handshake.

Versions of PolarSSL prior to 1.1.7 in the 1.1 branch and prior to 1.2.8 in the 1.2 branch call the generic x509parse_crt() function for parsing during the handshake. x509parse_crt() is a generic function that wraps parsing of both PEM-encoded and DER-formatted certificates. As a result it is possible to craft a Certificate message that includes a PEM encoded certificate in the Certificate message that triggers the infinite loop.


Discovery: 2013-06-21
Entry: 2013-08-13
Modified: 2013-08-15
Affected package: polarssl < 1.2.8
References:
CVE-2013-4623
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-03
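The structural point of the advisory above is that the handshake should only ever hand DER to a parser, so a PEM blob placed in a Certificate message must be rejected before any PEM decoding path can run. The following C is an added example written for this page, not PolarSSL code and not the project's fix: it walks the TLS Certificate message framing (3-byte list length, 3-byte length per entry) and refuses any entry whose outer framing is not a DER SEQUENCE with a definite, minimally encoded length. The DER shell, the PEM line and the function names (is_der_certificate, walk_certificate_message, build_certificate_message) are this example's own constructed inputs and assumptions; is_der_certificate() checks framing only and does not validate a certificate.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed inputs (not real certificates): a minimal DER SEQUENCE shell and
 * the first line of a PEM armour, as an attacker could place in a handshake. */
static const unsigned char der_shell[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };  /* SEQUENCE { INTEGER 5 } */
static const unsigned char pem_line[]  = "-----BEGIN CERTIFICATE-----";

/* 1 if buf[0..len) looks like one DER object: SEQUENCE tag, definite and
 * minimally encoded length, and that length covering exactly len bytes.
 * This is the framing check only; it does not validate the certificate. */
int is_der_certificate(const unsigned char *buf, size_t len)
{
    size_t hdr, body, n, i;
    if (len < 2 || buf[0] != 0x30)
        return 0;
    if (buf[1] < 0x80) {                    /* short form: one length byte */
        body = buf[1];
        hdr = 2;
    } else {                                /* long form: 0x80 | count of length bytes */
        n = buf[1] & 0x7F;
        if (n == 0 || n > 4 || len < 2 + n) /* 0x80 = indefinite length, not DER */
            return 0;
        body = 0;
        for (i = 0; i < n; i++)
            body = (body << 8) | buf[2 + i];
        if (body < 0x80 || buf[2] == 0)     /* DER requires the shortest length form */
            return 0;
        hdr = 2 + n;
    }
    return hdr + body == len;
}

/* Walk a TLS Certificate handshake body: 3-byte list length, then entries
 * each with a 3-byte length. Returns the number of entries, or -1 when the
 * framing is inconsistent or an entry is not DER. Rejecting here means a PEM
 * blob never reaches any parser that would try to decode PEM. */
int walk_certificate_message(const unsigned char *msg, size_t len)
{
    size_t total, pos = 3, clen;
    int count = 0;
    if (len < 3)
        return -1;
    total = ((size_t)msg[0] << 16) | ((size_t)msg[1] << 8) | msg[2];
    if (total != len - 3)
        return -1;
    while (pos < len) {
        if (len - pos < 3)
            return -1;
        clen = ((size_t)msg[pos] << 16) | ((size_t)msg[pos + 1] << 8) | msg[pos + 2];
        pos += 3;
        if (clen == 0 || clen > len - pos)
            return -1;
        if (!is_der_certificate(msg + pos, clen))
            return -1;
        pos += clen;
        count++;
    }
    return count;
}

/* Build a one-entry Certificate body around cert (test scaffolding). */
size_t build_certificate_message(unsigned char *out, const unsigned char *cert, size_t clen)
{
    size_t total = 3 + clen;
    out[0] = (unsigned char)(total >> 16); out[1] = (unsigned char)(total >> 8); out[2] = (unsigned char)total;
    out[3] = (unsigned char)(clen >> 16);  out[4] = (unsigned char)(clen >> 8);  out[5] = (unsigned char)clen;
    memcpy(out + 6, cert, clen);
    return 6 + clen;
}

int demo_der_entry(void)
{
    unsigned char msg[64];
    size_t n = build_certificate_message(msg, der_shell, sizeof der_shell);
    return walk_certificate_message(msg, n);          /* 1 entry accepted */
}

int demo_pem_entry(void)
{
    unsigned char msg[64];
    size_t n = build_certificate_message(msg, pem_line, sizeof pem_line - 1);
    return walk_certificate_message(msg, n);          /* -1: rejected before any PEM decoding */
}

int main(void)
{
    printf("DER entry -> %d\n", demo_der_entry());
    printf("PEM entry -> %d\n", demo_pem_entry());
    return 0;
}
```

The check deliberately fails closed on anything that is not a single DER object of exactly the announced length, so the handshake path cannot be steered into a text-format decoder; the real certificate validation still happens afterwards in a DER-only parser.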
VuXML ID: ccefac3e-2aed-11e3-af10-000c29789cb5
Description: polarssl -- Timing attack against protected RSA-CRT implementation

PolarSSL Project reports:

The researchers Cyril Arnaud and Pierre-Alain Fouque investigated the PolarSSL RSA implementation and discovered a bias in the implementation of the Montgomery multiplication that we used, for which they then show that it can be used to mount an attack on the RSA key. Although their test attack is done on a local system, there seems to be enough indication that this can properly be performed from a remote system as well.

All versions prior to PolarSSL 1.2.9 and 1.3.0 are affected if a third party can send arbitrary handshake messages to your server.

If correctly executed, this attack reveals the entire private RSA key after a large number of attack messages (> 600,000 on a local machine) are sent to show the timing differences.


Discovery: 2013-10-01
Entry: 2013-10-02
Affected package: polarssl < 1.2.9
References:
CVE-2013-5915
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05
https://polarssl.org/tech-updates/releases/polarssl-1.2.9-released
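The advisory above names a bias in the Montgomery multiplication but does not describe it; the classic operand-dependent step in Montgomery multiplication is the final conditional subtraction (the "extra reduction"), and that is assumed here to be the channel meant. The C below is an added illustration written for this page, not PolarSSL's bignum code and not the researchers' attack: a 64-bit Montgomery multiplication whose final subtraction runs only for some operands, beside a variant that always computes the subtraction and selects the result with a mask, which is the shape of a branch-free countermeasure. The modulus DEMO_N, the operands, the LCG-driven inputs and the function names (mont_ninv, montmul_leaky, montmul_ct, count_extra_reductions) are all constructed for the example; real implementations work on multi-limb numbers and must also guard against compiler-introduced branches.

```c
#include <stdint.h>
#include <stdio.h>

typedef unsigned __int128 u128;   /* GCC/Clang extension, 64-bit targets */

/* Constructed demo modulus: odd and below 2^63 so a*b + m*n fits in 128 bits. */
#define DEMO_N 0x7FFFFFFFFFFFFFFFULL

/* -n^-1 mod 2^64 for odd n, by Newton iteration (3 -> 6 -> 12 -> 24 -> 48 -> 96 bits). */
uint64_t mont_ninv(uint64_t n)
{
    uint64_t x = n;                 /* n*n == 1 (mod 8): 3 correct bits for odd n */
    int i;
    for (i = 0; i < 5; i++)
        x *= 2 - n * x;
    return (uint64_t)0 - x;
}

/* x*R mod n with R = 2^64: conversion into Montgomery form. */
uint64_t to_mont(uint64_t x, uint64_t n)
{
    return (uint64_t)(((u128)x << 64) % n);
}

/* Leaky form: a*b*R^-1 mod n, where the final "extra reduction" subtraction
 * runs only when the intermediate is >= n. *extra records whether it ran;
 * that data-dependent branch is the timing channel. */
uint64_t montmul_leaky(uint64_t a, uint64_t b, uint64_t n, uint64_t ninv, int *extra)
{
    u128 t = (u128)a * b;
    uint64_t m = (uint64_t)t * ninv;             /* makes t + m*n divisible by R */
    u128 u = (t + (u128)m * n) >> 64;            /* in [0, 2n) */
    *extra = (u >= n);
    if (*extra)
        u -= n;
    return (uint64_t)u;
}

/* Hardened form: always perform the subtraction, select with a mask. */
uint64_t montmul_ct(uint64_t a, uint64_t b, uint64_t n, uint64_t ninv)
{
    u128 t = (u128)a * b;
    uint64_t m = (uint64_t)t * ninv;
    uint64_t r = (uint64_t)((t + (u128)m * n) >> 64);   /* < 2n < 2^64 */
    uint64_t d = r - n;                                  /* wraps when r < n; discarded then */
    uint64_t mask = (uint64_t)0 - (uint64_t)(r >= n);    /* all ones iff reduction needed */
    return (r & ~mask) | (d & mask);
}

/* Both forms must equal (a*b mod n) in Montgomery form. */
int mont_selfcheck(uint64_t n, uint64_t a, uint64_t b)
{
    uint64_t ninv = mont_ninv(n), am, bm, expect, leaky, ct;
    int extra;
    a %= n; b %= n;
    am = to_mont(a, n); bm = to_mont(b, n);
    expect = to_mont((uint64_t)(((u128)a * b) % n), n);
    leaky = montmul_leaky(am, bm, n, ninv, &extra);
    ct = montmul_ct(am, bm, n, ninv);
    return leaky == expect && ct == expect;
}

/* Count extra reductions when a fixed operand a meets `samples` LCG-generated
 * operands (constructed, deterministic inputs). The count depends on a:
 * for a = 1 it is always 0, for a close to n it is roughly a quarter. */
unsigned count_extra_reductions(uint64_t a, uint64_t n, unsigned samples)
{
    uint64_t ninv = mont_ninv(n), b = 0x9E3779B97F4A7C15ULL;
    unsigned i, count = 0;
    int extra;
    for (i = 0; i < samples; i++) {
        b = b * 6364136223846793005ULL + 1442695040888963407ULL;   /* LCG, not crypto */
        montmul_leaky(a, b % n, n, ninv, &extra);
        count += (unsigned)extra;
    }
    return count;
}

int main(void)
{
    printf("self-check: %s\n", mont_selfcheck(DEMO_N, 123456789ULL, 987654321ULL) ? "ok" : "FAIL");
    printf("extra reductions, a = 1:   %u / 1000\n", count_extra_reductions(1, DEMO_N, 1000));
    printf("extra reductions, a = n-1: %u / 1000\n", count_extra_reductions(DEMO_N - 1, DEMO_N, 1000));
    return 0;
}
```

The two counts are the whole story: whether the extra subtraction happens is a function of the secret-dependent operand, so an attacker who can time many operations can learn something about that operand; making the subtraction unconditional removes the data-dependent branch, while blinding (which the advisory text calls a "protected" implementation) only randomises the operands rather than removing the branch.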
VuXML ID: d3216606-2b47-11e5-a668-080027ef73ec
Description: PolarSSL -- Security Fix Backports

Paul Bakker reports:

PolarSSL 1.2.14 fixes one remotely-triggerable issue that was found by the Codenomicon Defensics tool, one potential remote crash, and countermeasures against the "Lucky 13 strikes back" cache-based attack.


Discovery: 2015-06-26
Entry: 2015-07-15
Affected package: polarssl < 1.2.14
References:
https://tls.mbed.org/tech-updates/releases/polarssl-1.2.14-released