CVE-2017-14032

EUVD-2017-5547
ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.
Provider   Type      Base Score   Atk. Vector   Atk. Complexity   Priv. Required
NIST       Primary   8.1 HIGH     NETWORK       HIGH              NONE
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: Percentile 22%
Affected Products (NVD)
Vendor   Product    Version
arm      mbed_tls   1.3.10
arm      mbed_tls   1.3.11
arm      mbed_tls   1.3.12
arm      mbed_tls   1.3.13
arm      mbed_tls   1.3.14
arm      mbed_tls   1.3.15
arm      mbed_tls   1.3.16
arm      mbed_tls   1.3.17
arm      mbed_tls   1.3.18
arm      mbed_tls   1.3.19
arm      mbed_tls   1.3.20
arm      mbed_tls   1.3.21
arm      mbed_tls   2.0.0
arm      mbed_tls   2.1.0
arm      mbed_tls   2.1.1
arm      mbed_tls   2.1.2
arm      mbed_tls   2.1.3
arm      mbed_tls   2.1.4
arm      mbed_tls   2.1.5
arm      mbed_tls   2.1.6
arm      mbed_tls   2.1.7
arm      mbed_tls   2.1.8
arm      mbed_tls   2.1.9
arm      mbed_tls   2.2.0
arm      mbed_tls   2.2.1
arm      mbed_tls   2.3.0
arm      mbed_tls   2.4.0
arm      mbed_tls   2.4.2
arm      mbed_tls   2.5.1
arm      mbed_tls   2.6.2
(x = vulnerable software versions)
Debian Releases
Product   Codename   Version      Status
mbedtls   bookworm   2.28.3-1     fixed
mbedtls   bullseye   2.16.9-0.1   fixed
mbedtls   jessie     -            not-affected
mbedtls   sid        3.6.2-1      fixed
mbedtls   trixie     2.28.8-1     fixed
mbedtls   wheezy     -            not-affected
Ubuntu Releases
Product    Codename   Status
mbedtls    trusty     dne
mbedtls    xenial     Fixed 2.2.1-2ubuntu0.2 (released)
mbedtls    zesty      Fixed 2.4.2-1ubuntu0.1 (released)
polarssl   trusty     dne
polarssl   xenial     dne
polarssl   zesty      dne
(dne = the package does not exist in that release)