PT-2012-1170 · Openssl · Polarssl

Published: 2012-06-20 · Updated: 2013-10-24 · CVE-2011-1923

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

PolarSSL versions prior to 1.3.0
PolarSSL versions prior to 0.14.2

Description

The issue concerns the Diffie-Hellman key-exchange implementation in PolarSSL, which does not properly validate a public parameter. This makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic. Multiple vulnerabilities in the PolarSSL package can lead to disruption of protected information and can be exploited remotely.

Recommendations

For PolarSSL versions prior to 0.14.2, update to version 0.14.2 or later.
For PolarSSL versions prior to 1.3.0, update to version 1.3.0 or later.
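
The Description above does not say which check was missing, so the following added example (not PolarSSL code and not part of the original advisory) assumes the standard range check 2 <= Y <= p-2 on the peer's public value and shows why skipping it makes the shared secret predictable. The group parameters, function names and tampered values are constructed for illustration.

```python
# Added example: range check on a peer's Diffie-Hellman public value.
# Assumption: the validation shown is the generic 2 <= Y <= p-2 check,
# not a copy of any PolarSSL routine.
import secrets

# Constructed toy group: p is the Mersenne prime 2**127 - 1, g = 3.
# Far too small for real use; it only keeps the arithmetic readable.
P = 2**127 - 1
G = 3

# Constructed values a modified handshake message could carry.
TAMPERED = {"0": 0, "1": 1, "p-1": P - 1, "p": P, "p+1": P + 1}


def public_value_in_range(y: int, p: int) -> bool:
    """Accept a peer public value only if 2 <= y <= p - 2."""
    return 2 <= y <= p - 2


def shared_secret(peer_public: int, private: int, p: int,
                  validate: bool = True) -> int:
    """Return peer_public**private mod p, enforcing the range check by default."""
    if validate and not public_value_in_range(peer_public, p):
        raise ValueError("peer DH public value outside [2, p-2]")
    return pow(peer_public, private, p)


def degenerate_secrets(private: int, p: int) -> dict:
    """Secrets derived when the check is skipped: all land in {0, 1, p-1}."""
    return {name: shared_secret(y, private, p, validate=False)
            for name, y in TAMPERED.items()}


def rejected_by_check(p: int) -> list:
    """Names of the tampered values that the range check refuses."""
    return [name for name, y in TAMPERED.items()
            if not public_value_in_range(y, p)]


if __name__ == "__main__":
    x = secrets.randbelow(P - 3) + 2          # private exponent in [2, p-2]
    for name, secret in degenerate_secrets(x, P).items():
        print(f"unchecked Y={name:<3} -> secret {secret}")
    print("rejected with check:", rejected_by_check(P))
    print("honest value accepted:", public_value_in_range(pow(G, x, P), P))
```

Whatever private exponent the victim picks, an unchecked value of 0, 1 or p-1 (or anything congruent to them) forces the secret into a set of at most three values, which is what the range check prevents.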


Related identifiers

BDU:2015-09702
CVE-2011-1923

Affected products

Polarssl