PT-2017-13212 · Arm+1 · Mbed Tls+1

James Cowgill

Publicado

2017-08-30

Atualizado

2026-06-05

CVE-2017-14032

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions mbed TLS versions prior to 1.3.21 mbed TLS versions 2.x prior to 2.1.9

Description The issue allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates, but only if optional authentication is configured.

Recommendations For mbed TLS versions prior to 1.3.21, update to version 1.3.21 or later to resolve the issue. For mbed TLS versions 2.x prior to 2.1.9, update to version 2.1.9 or later to resolve the issue.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

ALT-PU-2017-2631

CVE-2017-14032

DSA-3967-1

MGASA-2018-0038

OPENSUSE-SU-2017:2731-1

OPENSUSE-SU-2017:2736-1

OPENSUSE-SU-2024:11043-1

Produtos afetados

Alt Linux

Mbed Tls

PT-2017-13212 · Arm+1 · Mbed Tls+1

CVE-2017-14032

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 30