What is the severity of CVE-2013-1621?

CVE-2013-1621 has been categorized as a moderate severity vulnerability, primarily impacting the availability of systems using affected PolarSSL versions.

How do I fix CVE-2013-1621?

To fix CVE-2013-1621, upgrade PolarSSL to version 1.2.5 or later, which resolves the array index error in the SSL module.

What types of attacks can CVE-2013-1621 be exploited for?

CVE-2013-1621 can be exploited to perform denial-of-service attacks by causing a TLS session to fail during CBC padding validation.

Which PolarSSL versions are affected by CVE-2013-1621?

CVE-2013-1621 affects PolarSSL versions prior to 1.2.5, including all versions from 0.10.0 up to 1.2.4.

Is there a workaround for CVE-2013-1621 if I cannot upgrade?

No official workaround is provided for CVE-2013-1621, and upgrading to a patched version is strongly recommended for security.

Vulnerability/
CVE-2013-1621

medium

4.3

CWE

8/2/2013

8/3/2013

CVE-2013-1621: Input Validation

First published: Fri Feb 08 2013(Updated: )

Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
PolarSSL	<=1.2.4
PolarSSL	=0.10.0
PolarSSL	=0.10.1
PolarSSL	=0.11.0
PolarSSL	=0.11.1
PolarSSL	=0.12.0
PolarSSL	=0.12.1
PolarSSL	=0.13.1
PolarSSL	=0.14.0
PolarSSL	=0.14.2
PolarSSL	=0.14.3
PolarSSL	=0.99-pre1
PolarSSL	=0.99-pre3
PolarSSL	=0.99-pre4
PolarSSL	=0.99-pre5
PolarSSL	=1.0.0
PolarSSL	=1.1.0
PolarSSL	=1.1.0-rc0
PolarSSL	=1.1.0-rc1
PolarSSL	=1.1.1
PolarSSL	=1.1.2
PolarSSL	=1.1.3
PolarSSL	=1.1.4
PolarSSL	=1.1.5
PolarSSL	=1.2.0
PolarSSL	=1.2.1
PolarSSL	=1.2.2
PolarSSL	=1.2.3

Remedy

https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-1621?
CVE-2013-1621 has been categorized as a moderate severity vulnerability, primarily impacting the availability of systems using affected PolarSSL versions.
How do I fix CVE-2013-1621?
To fix CVE-2013-1621, upgrade PolarSSL to version 1.2.5 or later, which resolves the array index error in the SSL module.
What types of attacks can CVE-2013-1621 be exploited for?
CVE-2013-1621 can be exploited to perform denial-of-service attacks by causing a TLS session to fail during CBC padding validation.
Which PolarSSL versions are affected by CVE-2013-1621?
CVE-2013-1621 affects PolarSSL versions prior to 1.2.5, including all versions from 0.10.0 up to 1.2.4.
Is there a workaround for CVE-2013-1621 if I cannot upgrade?
No official workaround is provided for CVE-2013-1621, and upgrading to a patched version is strongly recommended for security.

agent/references
agent/type
agent/first-publish-date
agent/last-modified-date
agent/weakness
agent/author
agent/severity
agent/remedy
agent/tags
agent/description
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
vendor/polarssl
canonical/polarssl
version/polarssl/1.2.4
version/polarssl/0.10.0
version/polarssl/0.10.1
version/polarssl/0.11.0
version/polarssl/0.11.1
version/polarssl/0.12.0
version/polarssl/0.12.1
version/polarssl/0.13.1
version/polarssl/0.14.0
version/polarssl/0.14.2
version/polarssl/0.14.3
version/polarssl/0.99-pre1
version/polarssl/0.99-pre3
version/polarssl/0.99-pre4
version/polarssl/0.99-pre5
version/polarssl/1.0.0
version/polarssl/1.1.0
version/polarssl/1.1.0-rc0
version/polarssl/1.1.0-rc1
version/polarssl/1.1.1
version/polarssl/1.1.2
version/polarssl/1.1.3
version/polarssl/1.1.4
version/polarssl/1.1.5
version/polarssl/1.2.0
version/polarssl/1.2.1
version/polarssl/1.2.2
version/polarssl/1.2.3