Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201310-10
HistoryOct 17, 2013 - 12:00 a.m.

PolarSSL: Multiple vulnerabilities

2013-10-1700:00:00
Gentoo Foundation
security.gentoo.org
13

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.04 Low

EPSS

Percentile

92.0%

JSON

Background

PolarSSL is a cryptographic library for embedded systems.

Description

Multiple vulnerabilities have been discovered in PolarSSL. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker might be able to cause Denial of Service, conduct a man-in-the middle attack, compromise an encrypted communication channel, or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All PolarSSL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-libs/polarssl-1.3.0"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-libs/polarssl< 1.3.0UNKNOWN

Related

nessus 40
openvas 35
fedora 14
mageia 2
ubuntucve 9
cve 10
prion 13
debian 3
securityvulns 7
osv 5
freebsd 3
ibm 23
veracode 2
f5 7
hackerone 1
debiancve 6
slackware 1
openssl 1
suse 2
altlinux 4
centos 1
oraclelinux 1
amazon 1
redhat 2
aix 2
alpinelinux 2
ubuntu 2
nessus
nessus
GLSA-201310-10 : PolarSSL: Multiple vulnerabilities
2013-10-18 00:00:00
Debian DSA-2782-1 : polarssl - several vulnerabilities
2013-10-22 00:00:00
Debian DSA-2622-1 : polarssl - several vulnerabilities
2013-02-14 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201310-10
2015-09-29 00:00:00
Fedora Update for polarssl FEDORA-2013-18251
2013-10-15 00:00:00
Fedora Update for polarssl FEDORA-2013-18251
2013-10-15 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: polarssl-1.2.9-1.fc18
2013-10-14 17:17:04
[SECURITY] Fedora 18 Update: polarssl-1.2.9-1.fc18
2013-10-14 07:00:42
[SECURITY] Fedora 18 Update: polarssl-1.2.8-1.fc18
2013-09-20 16:27:34
mageia
mageia
Updated polarssl package fixes security vulnerabilities
2013-09-25 01:41:53
Updated polarssl, pdns & ragel packages fix CVE-2013-5915
2013-12-01 01:15:26
ubuntucve
ubuntucve
CVE-2013-1621
2013-02-08 00:00:00
CVE-2013-5915
2013-10-04 00:00:00
CVE-2012-2130
2019-12-06 00:00:00
cve
cve
CVE-2013-1621
2013-02-08 19:55:00
CVE-2013-5915
2013-10-04 17:55:00
CVE-2012-2130
2019-12-06 18:15:00
prion
prion
Code injection
2013-02-08 19:55:00
Design/Logic Flaw
2013-10-04 17:55:00
Security feature bypass
2019-12-06 18:15:00
debian
debian
[SECURITY] [DSA 2782-1] polarssl security update
2013-10-20 16:41:19
[SECURITY] [DSA 2622-1] polarssl security update
2013-02-13 20:17:01
[SECURITY] [DSA 2621-1] openssl security update
2013-02-13 20:07:41
securityvulns
securityvulns
[SECURITY] [DSA 2782-1] polarssl security update
2013-10-28 00:00:00
PolarSSL multiple security vulnerabilities
2013-10-28 00:00:00
[SECURITY] [DSA 2622-1] polarssl security update
2013-02-14 00:00:00
osv
osv
polarssl - several
2013-10-20 00:00:00
polarssl - several
2013-02-13 00:00:00
CVE-2016-2107
2016-05-05 01:59:00
freebsd
freebsd
polarssl -- Timing attack against protected RSA-CRT implementation
2013-10-01 00:00:00
polarssl -- denial of service vulnerability
2013-06-21 00:00:00
FreeBSD -- OpenSSL multiple vulnerabilities
2013-04-02 00:00:00
ibm
ibm
Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-0169)
2018-06-17 04:48:04
Security Bulletin: Potential security vulnerabilities in WebSphere Partner Gateway Express for the Oracle CPU April 2013.
2022-09-25 21:06:56
Security Bulletin: Rational Build Forge Security Advisory (CVE-2013-0169)
2018-06-17 04:47:31
veracode
veracode
Timing Attacks
2017-02-10 05:59:15
Timing Side- Channel Attack
2019-01-15 08:52:54
f5
f5
K14190 : TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
2015-04-30 00:00:00
SOL14190 - TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
2013-02-08 00:00:00
K15637 : GnuTLS vulnerability CVE-2013-2116
2014-10-16 00:00:00
hackerone
hackerone
Legal Robot: LUCKY13 (CVE-2013-0169) effects legalrobot.com
2017-07-30 20:00:47
debiancve
debiancve
CVE-2013-0169
2013-02-08 19:55:00
CVE-2011-5095
2012-06-20 17:55:00
CVE-2013-1620
2013-02-08 19:55:00
slackware
slackware
openssl
2013-02-11 23:49:59
openssl
openssl
Vulnerability in OpenSSL CVE-2013-0169
2013-02-04 00:00:00
suse
suse
java-1_6_0-openjdk: update to icedtea 1.12.3 (important)
2013-03-01 18:04:30
Security update for Java (important)
2013-02-22 20:04:33
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 6 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
centos
centos
java security update
2013-02-20 20:11:32
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-02-20 00:00:00
amazon
amazon
Critical: openssl
2014-04-07 17:26:00
redhat
redhat
(RHSA-2013:0274) Important: java-1.6.0-openjdk security update
2013-02-20 00:00:00
(RHSA-2013:0273) Critical: java-1.6.0-openjdk security update
2013-02-20 00:00:00
aix
aix
Multiple OpenSSL vulnerabilities
2013-03-15 03:20:11
AIX OpenSSH Vulnerability
2013-04-08 15:19:58
alpinelinux
alpinelinux
CVE-2018-0497
2018-07-28 17:29:00
CVE-2016-2107
2016-05-05 01:59:00
ubuntu
ubuntu
OpenSSL regression
2013-02-28 00:00:00
OpenSSL vulnerability
2013-03-25 00:00:00

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.04 Low

EPSS

Percentile

92.0%

JSON
Related for GLSA-201310-10
nessus40openvas35fedora14mageia2ubuntucve9cve10prion13debian3securityvulns7osv5freebsd3ibm23veracode2f57hackerone1debiancve6slackware1openssl1suse2altlinux4centos1oraclelinux1amazon1redhat2aix2alpinelinux2ubuntu2