FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

polarssl -- Remote attack using crafted certificates

Affected packages
1.2.0 <= polarssl < 1.2.12_1
1.3.0 <= polarssl13 < 1.3.9_1


VuXML ID a5856eba-a015-11e4-a680-1c6f65c3c4ff
Discovery 2015-01-14
Entry 2015-01-19

PolarSSL team reports:

During the parsing of a ASN.1 sequence, a pointer in the linked list of asn1_sequence is not initialized by asn1_get_sequence_of(). In case an error occurs during parsing of the list, a situation is created where the uninitialized pointer is passed to polarssl_free().

This sequence can be triggered when a PolarSSL entity is parsing a certificate. So practically this means clients when receiving a certificate from the server or servers in case they are actively asking for a client certificate.


CVE Name CVE-2015-1182