CVE-2013-4623

Published September 30th, 2013

View on NVD ↗

CVSS v3

N/A

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate.

Mbed-TLS/mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.

GitHub

6.69K