Security Center

Security Disclosures

We disclose all security issues we find or are advised of that are relevant to PolarSSL. We adhere to a full disclosure policy and try to inform our users as well as possible of every issue. Do you think something relevant is missing here? Please let us know! Found a security bug? Jump to our Bug Bounty Program!

Known vulnerabilities

CVE stands for Common Vulnerabilities and Exposures. A CVE identifier is a unique name for one issue, so that security advisories from different vendors can refer to the same issue unambiguously. The following CVE identifiers are known to involve PolarSSL:
PolarSSL Advisory  CVE Identifier  Issue title                                                                Fixed in
2011-01            CVE-2011-1923   Possible man in the middle in Diffie-Hellman key exchange                  0.14.2, 1.0.0
2011-02            CVE-2011-4574   Weak random number generation within virtualized environments              1.1.0
2012-01            CVE-2012-2130   Weak Diffie-Hellman and RSA key generation                                 1.1.2
2013-01            CVE-2013-0169   Lucky Thirteen: timing side channel during decryption                      1.1.6, 1.2.6
                   CVE-2013-1621   Denial of service in SSL module                                            1.2.5
2013-02            Unknown         RC4 ciphersuites in SSL and TLS vulnerable                                 Not solvable
                   CVE-2013-1622   False warning, not an issue in a numbered release                          -
2013-03            CVE-2013-4623   Denial of service through Certificate message during handshake             1.1.7, 1.2.8
2013-04            CVE-2013-5914   Buffer overflow in ssl_read_record()                                       1.1.8, 1.2.9, 1.3.0
2013-05            CVE-2013-5915   Timing attack against protected RSA-CRT implementation used in PolarSSL    1.2.9, 1.3.0
2014-01            CVE-2014-0160   Heartbleed bug                                                             Not affected

The "Fixed in" column lists the first fixed release of each maintained branch (for example 1.1.x and 1.2.x), so check the entry for the branch you run. The RC4 issue (2013-02) is a weakness of the cipher itself rather than a bug in PolarSSL, so no release fixes it; the only mitigation is to disable the RC4 ciphersuites in your configuration.
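As an added example (not code from the PolarSSL project or this page), the following script turns the table above into a check against an installed PolarSSL version. It assumes the usual reading of the "Fixed in" column: each listed release is the first fixed release of its major.minor branch, anything below the oldest listed fix predates every fix and is affected, and anything newer than the newest listed fix carries the fix forward. A version that falls between listed fixes on a branch with no entry is reported as "unknown" so that the advisory text, not the table, decides. The FIXED_IN dictionary is transcribed from the table; the function and variable names are this example's own.

```python
"""Check which PolarSSL advisories from the Security Center table apply to a
given installed version. Added example, not part of the PolarSSL page."""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Transcribed from the "Known vulnerabilities" table above. Rows without a
# fixed release (RC4, CVE-2013-1622, Heartbleed) are handled in report().
FIXED_IN: Dict[str, List[str]] = {
    "CVE-2011-1923": ["0.14.2", "1.0.0"],
    "CVE-2011-4574": ["1.1.0"],
    "CVE-2012-2130": ["1.1.2"],
    "CVE-2013-0169": ["1.1.6", "1.2.6"],
    "CVE-2013-1621": ["1.2.5"],
    "CVE-2013-4623": ["1.1.7", "1.2.8"],
    "CVE-2013-5914": ["1.1.8", "1.2.9", "1.3.0"],
    "CVE-2013-5915": ["1.2.9", "1.3.0"],
}


def parse_version(text: str) -> Version:
    """'1.2.8' -> (1, 2, 8). Tuples compare numerically; strings would not
    ('1.10.0' < '1.9.0' as strings)."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 3:
        raise ValueError(f"expected major.minor.patch, got {text!r}")
    return parts


def status(installed: str, fixed_in: List[str]) -> str:
    """Return 'affected', 'fixed' or 'unknown' for one advisory.

    Assumption (this example's reading of the table): each entry in
    fixed_in is the first fixed release of its own major.minor branch.
    """
    v = parse_version(installed)
    fixes = sorted(parse_version(f) for f in fixed_in)
    same_branch = [f for f in fixes if f[:2] == v[:2]]
    if same_branch:
        # The branch we run has its own fix: compare against it only.
        return "fixed" if v >= same_branch[0] else "affected"
    if v < fixes[0]:
        return "affected"   # predates every listed fix
    if v > fixes[-1]:
        return "fixed"      # newer than every listed fix; fix carried forward
    return "unknown"        # branch without an entry, between fixes: read the advisory


def report(installed: str) -> Dict[str, str]:
    """Status of every table entry for the given installed version."""
    result = {cve: status(installed, fixes) for cve, fixes in FIXED_IN.items()}
    # Table rows that do not depend on the PolarSSL version.
    result["RC4 ciphersuites (2013-02)"] = (
        "affected unless RC4 ciphersuites are disabled in the configuration")
    result["CVE-2013-1622"] = "not an issue in a numbered release"
    result["CVE-2014-0160"] = "not affected"
    return result


if __name__ == "__main__":
    import sys
    version = sys.argv[1] if len(sys.argv) > 1 else "1.2.7"
    for entry, state in report(version).items():
        print(f"{entry:30} {state}")
```

Run it as `python check_polarssl.py 1.2.7` (the file name is arbitrary): 1.2.7 is reported as affected by CVE-2013-4623, CVE-2013-5914 and CVE-2013-5915 but fixed for CVE-2013-0169, because the 1.2.x branch got the Lucky Thirteen fix in 1.2.6 and the later fixes only in 1.2.8 and 1.2.9.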

Known attacks

We are trying to build a repository of all known relevant attacks on SSL and on cryptographic components in general, and on the implementation within PolarSSL specifically. Many items are still missing. Please help us complete this repository by sending omissions to us at: attacks at polarssl dot org (or via the contact form). The following attacks are known to be relevant to SSL / cryptography in general or to PolarSSL specifically:
Year  Title                                                                       Targets                           Download
2013  Timing Attack against protected RSA-CRT implementation used in PolarSSL     RSA                               ctrsa13.pdf
2013  Lucky13: Breaking the TLS and DTLS Record Protocols                         CBC padding in SSL/TLS/DTLS       TLStiming.pdf
2013  On the Security of RC4 in TLS and WPA                                       RC4 in TLS                        RC4biases.pdf
2005  Improving Brumley and Boneh timing attack on unprotected SSL implementation RSA                               c36.pdf
2003  Remote timing attacks are practical                                         RSA                               ssl-timing.pdf
2000  A Timing Attack against RSA with the Chinese Remainder Theorem              RSA                               WSchindler-RSA_Timing_Attack.pdf