Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-8628

Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue.

Published

2015-08-24T15:59:00.090

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

6.9

Weaknesses
  • Type: Primary
    CWE-399
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application polarssl polarssl ≤ 1.2.11 Yes
Application polarssl polarssl 1.3.0 Yes
Application polarssl polarssl 1.3.1 Yes
Application polarssl polarssl 1.3.2 Yes
Application polarssl polarssl 1.3.3 Yes
Application polarssl polarssl 1.3.4 Yes
Application polarssl polarssl 1.3.5 Yes
Application polarssl polarssl 1.3.6 Yes
Application polarssl polarssl 1.3.7 Yes
Application polarssl polarssl 1.3.8 Yes
References