Array Index Error in SSL Module in PolarSSL: Denial of Service via Crafted Padding-Length Value

Array Index Error in SSL Module in PolarSSL: Denial of Service via Crafted Padding-Length Value

CVE-2013-1621 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169.

Learn more about our Web Application Penetration Testing UK.