fkie_nvd - fkie_cve-2013-5914

fkie_cve-2013-5914

Vulnerability from fkie_nvd

Published

2013-10-26 17:55

Modified

2025-04-11 00:51

Severity ?

Summary

Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet.

References

URL	Tags
cve@mitre.org	http://www.debian.org/security/2013/dsa-2782
cve@mitre.org	https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2013/dsa-2782
af854a3a-2127-422b-91ae-364da2661108	https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
polarssl	polarssl	*
polarssl	polarssl	1.0.0
polarssl	polarssl	1.1.0
polarssl	polarssl	1.1.0
polarssl	polarssl	1.1.0
polarssl	polarssl	1.1.1
polarssl	polarssl	1.1.2
polarssl	polarssl	1.1.3
polarssl	polarssl	1.1.4
polarssl	polarssl	1.1.5
polarssl	polarssl	1.1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F793ED-6FDD-42F4-B87F-47A4D8D905A0",
              "versionEndIncluding": "1.1.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E25A1C90-15E9-4577-B25D-855D48C4F4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "18BC3056-6CF9-4C6A-9F03-C8812CA10AF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "02CE9326-279B-4CFE-8FBD-4450793D9C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7513F8AC-A847-412D-B657-9426E4C6C020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88CE920F-DBD6-4D01-87E1-26FA10101692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6F1E192-D0F2-476E-A7A9-AFB031687533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9DDE3F-26AE-41E0-9433-E5C018C699E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F9819E-798E-4DA6-A7E4-39A85B68A5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9001635-AA9C-4165-B021-2B296CF6DE1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D105753-A704-4BF4-BD7A-99985911B943",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet."
    },
    {
      "lang": "es",
      "value": "Buffer overflow en la func\u00f3n ssl_read_record en ssl_tls.c de PolarSSL anterior a la versi\u00f3n 1.1.8, cuando se utiliza TLS 1.1, podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un paquete largo."
    }
  ],
  "id": "CVE-2013-5914",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-26T17:55:03.417",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2013/dsa-2782"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-5914 (GCVE-0-2013-5914)

Vulnerability from cvelistv5

Published

2013-10-26 17:00