CVE-2013-5914

Published Oct 26, 2013

Last updated 11 years ago

Overview

Description: Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83F793ED-6FDD-42F4-B87F-47A4D8D905A0",
            "versionEndIncluding": "1.1.7"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E25A1C90-15E9-4577-B25D-855D48C4F4E8"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18BC3056-6CF9-4C6A-9F03-C8812CA10AF1"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02CE9326-279B-4CFE-8FBD-4450793D9C67"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7513F8AC-A847-412D-B657-9426E4C6C020"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88CE920F-DBD6-4D01-87E1-26FA10101692"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6F1E192-D0F2-476E-A7A9-AFB031687533"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F9DDE3F-26AE-41E0-9433-E5C018C699E8"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40F9819E-798E-4DA6-A7E4-39A85B68A5F5"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9001635-AA9C-4165-B021-2B296CF6DE1B"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D105753-A704-4BF4-BD7A-99985911B943"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References