|
|
Log in / Subscribe / Register

polarssl: multiple vulnerabilities

Package(s):polarssl CVE #(s):CVE-2013-1621 CVE-2013-1622
Created:February 14, 2013 Updated:February 20, 2013
Description:

From the Debian advisory:

CVE-2013-1621: An array index error might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session

CVE-2013-1622: Malformed CBC data in a TLS session could allow remote attackers to conduct distinguishing attacks via statistical analysis of timing side-channel data for crafted packets.

These appear to be related to the "Lucky Thirteen" vulnerabilities.

Alerts:
Gentoo 201310-10 polarssl 2013-10-17
Mageia MGASA-2013-0290 polarssl 2013-09-24
Debian DSA-2622-1 polarssl 2013-02-13
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds