The PolarSSL vulnerability is the result of an uninitialized pointer in the PolarSSL code. An attacker with knowledge of the target system may be able to exploit the flaw to run arbitrary code by using a malicious digital certificate. PolarSSL has released a code fix for the vulnerability and is planning to release patched versions. The vulnerability is triggered during parsing and before the actual validation of the certificate is done. The vulnerable versions include 1.0 and up to the Polar SSL 1.3.9 and PolarSSL 1.2.12.
Source: https://threatpost.com/potential-code-execution-flaw-haunts-polarssl-library/110505/