PT-2014-8653 · Openssl · Polarssl

Published

2014-11-22

·

Updated

2024-06-15

·

CVE-2014-8627

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions PolarSSL version 1.3.8
Description The issue allows remote attackers to conduct downgrade attacks due to improper negotiation of the signature algorithm.
Recommendations For version 1.3.8, update to a newer version that properly negotiates the signature algorithm to prevent downgrade attacks.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2014-8627
MGASA-2014-0481
OPENSUSE-SU-2024:10088-1
OPENSUSE-SU-2024:12903-1

Affected Products

Polarssl