CVE-2013-4623

2013-09-30T18:55:04
ID CVE-2013-4623
Type cve
Reporter NVD
Modified 2013-10-30T23:35:02

Description

The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate.