Unrated severity · NVD Advisory · Published Sep 30, 2013 · Updated Apr 29, 2026
CVE-2013-4623
Description
The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate.
Affected products
- cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.7:*:*:*:*:*:*:*
Patches
- 1922a4e6aade · https://github.com/polarssl/polarssl · via nvd-ref
References
- polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-03 (nvd: Patch, Vendor Advisory)
- github.com/polarssl/polarssl/commit/1922a4e6aade7b1d685af19d4d9339ddb5c02859 (nvd: Exploit, Patch)
- lists.fedoraproject.org/pipermail/package-announce/2013-September/115922.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2013-September/115927.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2013-September/116351.html (nvd)
- www.debian.org/security/2013/dsa-2782 (nvd)
- www.securityfocus.com/bid/61764 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)