
Critical Vulnerability in PolarSSL

A vulnerability was discovered in the PolarSSL encryption library, popular on mobile devices, that could allow remote code execution through a specially crafted certificate. The vulnerability is an error in processing the ASN.1 fields of a certificate: in the asn1_get_sequence_of() function, the pointer to the asn1_sequence linked list is not initialized, which could lead to polarssl_free() being called with an uninitialized pointer and, ultimately, to the execution of malicious code.
The vulnerability manifests itself while a certificate is being parsed, which means that malicious code can be executed on both the client side and the server side.
All current versions of PolarSSL are vulnerable. There is still no official patch fixing the vulnerability, but there is an unofficial one.
The PolarSSL library is most often used in mobile and embedded devices. For example, OpenVPN uses it in its iOS and Android clients, as well as on OpenWRT routers.
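The bug class described above (a list pointer left unset when parsing fails, then passed to free() during cleanup), shown as an added example that is not PolarSSL's code. The node type, the two-byte element format, the 0xA5 fill standing in for stale heap contents and all function names are assumptions; the zero_init flag switches between the flawed pattern and one that clears each node right after allocation.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified list node; not PolarSSL's asn1_sequence. */
typedef struct seq_node { int value; struct seq_node *next; } seq_node;
/* Constructed inputs: each element is (tag 0x02, one value byte). */
static const unsigned char GOOD_SEQ[] = { 0x02, 0x01, 0x02, 0x02 };
static const unsigned char BAD_SEQ[]  = { 0x02, 0x01, 0x30, 0x00 }; /* 2nd tag wrong */

/* Stand-in for a heap block that still holds stale bytes. */
static void *stale_alloc(size_t n) {
    void *p = malloc(n);
    return p ? memset(p, 0xA5, n) : NULL;
}

/* zero_init = 0: flawed pattern; zero_init = 1: node cleared right after allocation. */
static int parse_seq(const unsigned char *buf, size_t len, seq_node *head,
                     int zero_init, seq_node **last) {
    seq_node *cur = head;
    *last = cur;
    for (size_t i = 0; i < len; i += 2) {
        if (i > 0) {
            if ((cur->next = stale_alloc(sizeof(seq_node))) == NULL) return -1;
            if (zero_init) memset(cur->next, 0, sizeof(seq_node));
            *last = cur = cur->next;
        }
        if (i + 1 >= len || buf[i] != 0x02) return -2; /* early exit: cur->next never set */
        cur->value = buf[i + 1];
    }
    cur->next = NULL; /* terminator written only on the success path */
    return 0;
}

/* 1 if cleanup after a failed parse would pass a never-written pointer to free(). */
static int cleanup_sees_garbage(const unsigned char *buf, size_t len, int zero_init) {
    seq_node head, *last;
    memset(&head, 0, sizeof(head));
    int ret = parse_seq(buf, len, &head, zero_init, &last);
    int garbage = (ret != 0 && last->next != NULL);
    last->next = NULL; /* neutralise so this demo itself frees safely */
    for (seq_node *n = head.next; n != NULL; ) { seq_node *t = n->next; free(n); n = t; }
    return garbage;
}

int main(void) {
    printf("flawed=%d hardened=%d valid=%d\n", cleanup_sees_garbage(BAD_SEQ, sizeof BAD_SEQ, 0),
           cleanup_sees_garbage(BAD_SEQ, sizeof BAD_SEQ, 1), cleanup_sees_garbage(GOOD_SEQ, sizeof GOOD_SEQ, 0));
    return 0;
}
```

Clearing each node at allocation means every exit path, including the error returns, leaves the list NULL-terminated for whatever cleanup routine walks it.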
Certified Secure Advisory 01/14/2015-0.1 - PolarSSL
PolarSSL Security Advisory 2014-04