FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

polarssl -- Remote attack using crafted certificates

Affected packages
1.2.0 <= polarssl < 1.2.12_1
1.3.0 <= polarssl13 < 1.3.9_1

Details

VuXML ID a5856eba-a015-11e4-a680-1c6f65c3c4ff
Discovery 2015-01-14
Entry 2015-01-19

PolarSSL team reports:

During the parsing of a ASN.1 sequence, a pointer in the linked list of asn1_sequence is not initialized by asn1_get_sequence_of(). In case an error occurs during parsing of the list, a situation is created where the uninitialized pointer is passed to polarssl_free().

This sequence can be triggered when a PolarSSL entity is parsing a certificate. So practically this means clients when receiving a certificate from the server or servers in case they are actively asking for a client certificate.

References

CVE Name CVE-2015-1182
URL https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
URL https://www.certifiedsecure.com/polarssl-advisory/