CVE-2017-14032

Published: 8/30/2017 Last updated: 8/5/2024 Reserved: 8/30/2017

ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

conf-mbedtls

Products affected (1)

Product	Vendor	Version
n/a	n/a	(Server Core installation)

References (10)

http://www.debian.org/security/2017/dsa-3967
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02
https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32
https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc
https://bugs.debian.org/873557
http://www.debian.org/security/2017/dsa-3967
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02
https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32
https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc
https://bugs.debian.org/873557