What is the severity of REDHAT-BUG-997767?

The severity of REDHAT-BUG-997767 is considered high due to the potential for an infinite loop that can consume excessive processing power.

How do I fix REDHAT-BUG-997767?

To fix REDHAT-BUG-997767, update PolarSSL to a version later than 1.2.8.

Who is affected by REDHAT-BUG-997767?

All users of PolarSSL versions up to 1.2.8 are affected by REDHAT-BUG-997767.

Can REDHAT-BUG-997767 be exploited remotely?

Yes, a remote attacker can exploit REDHAT-BUG-997767 to cause denial of service on a TLS/SSL server.

What products are vulnerable due to REDHAT-BUG-997767?

The products vulnerable due to REDHAT-BUG-997767 are the PolarSSL libraries below version 1.2.8.

Vulnerability/
REDHAT-BUG-997767

medium

16/8/2013

17/2/2021

REDHAT-BUG-997767

First published: Fri Aug 16 2013(Updated: )

From the PolarSSL Security Advisory 2013-03 advisory: "A bug in the logic of the parsing of PEM encoded certificates in x509parse_crt() can result in an infinite loop, thus hogging processing power." A remote attacker could use this flaw to make a TLS/SSL server using PolarSSL consume an excessive amount of CPU. This issue was corrected in PolarSSL versions 1.1.7 and 1.2.8. (Versions prior to these are affected.) External References: <a href="https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-03">https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-03</a>

Affected Software	Affected Version	How to fix
PolarSSL	<1.1.7<1.2.8

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-997767?
The severity of REDHAT-BUG-997767 is considered high due to the potential for an infinite loop that can consume excessive processing power.
How do I fix REDHAT-BUG-997767?
To fix REDHAT-BUG-997767, update PolarSSL to a version later than 1.2.8.
Who is affected by REDHAT-BUG-997767?
All users of PolarSSL versions up to 1.2.8 are affected by REDHAT-BUG-997767.
Can REDHAT-BUG-997767 be exploited remotely?
Yes, a remote attacker can exploit REDHAT-BUG-997767 to cause denial of service on a TLS/SSL server.
What products are vulnerable due to REDHAT-BUG-997767?
The products vulnerable due to REDHAT-BUG-997767 are the PolarSSL libraries below version 1.2.8.

agent/references
agent/type
agent/first-publish-date
agent/last-modified-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2013-4623
agent/severity
agent/description
agent/event
agent/trending
agent/source
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
vendor/polarssl
canonical/polarssl

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.