QwikSec

Security Database

CVE

CWE

Training

CVE-2017-14032

Published: Aug 30, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_DEBIAN

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02

x_refsource_CONFIRM

https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32

x_refsource_CONFIRM

https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc

x_refsource_CONFIRM

https://bugs.debian.org/873557

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.