CVE-2017-14032

ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.
CVSS 3.x Base Score

Provider   Type   Base Score   Atk. Vector   Atk. Complexity   Priv. Required   Vector
NIST       NIST   8.1 HIGH     NETWORK       HIGH              NONE             CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre      CNA    ---                                                           ---
CVE        ADP    ---                                                           ---

EPSS Score percentile: 23%
Vulnerable software versions

Vendor: arm
Product: mbed_tls
Versions: 1.3.10, 1.3.11, 1.3.12, 1.3.13, 1.3.14, 1.3.15, 1.3.16, 1.3.17, 1.3.18, 1.3.19, 1.3.20, 1.3.21, 2.0.0, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.2.0, 2.2.1, 2.3.0, 2.4.0, 2.4.2, 2.5.1, 2.6.2
Debian Releases

Product   Codename   Version      Status
mbedtls   bullseye   2.16.9-0.1   fixed
mbedtls   jessie                  not-affected
mbedtls   wheezy                  not-affected
mbedtls   bookworm   2.28.3-1     fixed
mbedtls   trixie     2.28.8-1     fixed
mbedtls   sid        3.6.2-1      fixed
Ubuntu Releases

Product    Codename   Fixed Version      Status
mbedtls    zesty      2.4.2-1ubuntu0.1   released
mbedtls    xenial     2.2.1-2ubuntu0.2   released
mbedtls    trusty                        dne
polarssl   zesty                         dne
polarssl   xenial                        dne
polarssl   trusty                        dne