UBUNTU-CVE-2013-4623

Advisory lineage: 1 upstream, 0 downstream
Published: 30 Sept 2013, 22:55
Last modified: 16 Jul 2025, 07:31

Vulnerability Summary

Overall Risk (default): minimal (0/100)
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

30 Sept 2013, 22:55: Published (vulnerability first disclosed)
16 Jul 2025, 07:31: Last Modified (vulnerability information updated)

Description

The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate.

Affected Systems

  • ubuntu polarssl: < 1.2.8-2
