PT-2012-1170 · Openssl · Polarssl

Published: 2012-06-20 · Updated: 2013-10-24 · CVE-2011-1923

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

PolarSSL versions prior to 1.3.0
PolarSSL versions prior to 0.14.2

Description

The Diffie-Hellman key-exchange implementation in PolarSSL does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic. Multiple vulnerabilities in the PolarSSL package can lead to disruption of protected information and can be exploited remotely.

Recommendations

For PolarSSL versions prior to 0.14.2, update to version 0.14.2 or later.
For PolarSSL versions prior to 1.3.0, update to version 1.3.0 or later.

Fix


Weakness Enumeration

Related Identifiers

BDU:2015-09702
CVE-2011-1923

Affected Products

Polarssl