PolarSSL Security Advisory 2014-02

Title: Denial of Service against GCM enabled servers (and clients)
CVE: CVE-2014-4911
Date: 11th of July 2014
Affects: All PolarSSL versions before 1.2.11 and 1.3.8
Not affected: All branches before 1.2.x and version > 1.2.10 or > 1.3.7
Impact: Crash of server application (or clients by a malicious server)
Exploit: Withheld

A denial of service against PolarSSL servers that offer GCM ciphersuites has been found using the fuzzing techniques of the Codenomicon Defensics toolkit. Clients are potentially affected too, if a malicious server decides to execute the denial of service attack against its clients.


A server or client that is targeted with this attack can potentially be crashed with a segfault.


Disabling the GCM ciphersuites prevents this attack.

Alternatively, the following patch can be applied to your current PolarSSL 1.3.7 code base:

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 480c5e5..a57f3f1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1416,9 +1416,15 @@ static int ssl_decrypt_buf( ssl_context *ssl )
         size_t dec_msglen, olen, totlen;
         unsigned char add_data[13];
+        size_t gcm_overhead = ssl->transform_in->ivlen +
+                              ssl->transform_in->fixed_ivlen +
+                              16; /* explicit IV + tag */
+        if( ssl->in_msglen < gcm_overhead )
+            return( POLARSSL_ERR_SSL_INVALID_MAC );
+        dec_msglen = ssl->in_msglen - gcm_overhead;

-        dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen -
-                                        ssl->transform_in->fixed_ivlen );
-        dec_msglen -= 16;
         dec_msg = ssl->in_msg;
         dec_msg_result = ssl->in_msg;


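Review bot: the added gcm_overhead sums ssl->transform_in->ivlen and ssl->transform_in->fixed_ivlen, whereas the removed lines subtracted ( ivlen - fixed_ivlen ) and the new comment itself says "explicit IV + tag"; as written, dec_msglen comes out smaller than before by twice fixed_ivlen, and records that are long enough for the explicit IV and tag can be rejected. If the explicit IV length is what is meant, the first operator should be a minus: ivlen - fixed_ivlen + 16. The in_msglen < gcm_overhead test belongs exactly where it is, ahead of the subtraction, because dec_msglen is a size_t and the old expression could wrap for a short record.
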
Upgrade to PolarSSL 1.3.8 for the 1.3 branch or PolarSSL 1.2.11 for the 1.2 branch.

Last updated: Jul 11, 2014