Wind River Support Network


LIN7-2839 : Security Advisory - polarssl - CVE-2015-1182

Created: Feb 1, 2015    Updated: Sep 8, 2018
Resolved Date: Feb 10, 2015
Found In Version: 7.0
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace


The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.<a href=>CWE-824: Access of Uninitialized Pointer</a>

Other Downloads


Live chat