Unrated severityNVD Advisory· Published Oct 26, 2013· Updated Apr 29, 2026

CVE-2013-5914

Description

Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet.

Affected products

Polarssl/Polarssl11 versions
cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*range: <=1.1.7
- cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04nvdPatchVendor Advisory
www.debian.org/security/2013/dsa-2782nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000