PT-2017-13212 · Arm+1 · Mbed Tls+1

James Cowgill

Published

2017-08-30

Updated

2026-06-05

CVE-2017-14032

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions mbed TLS versions prior to 1.3.21 mbed TLS versions 2.x prior to 2.1.9

Description The issue allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates, but only if optional authentication is configured.

Recommendations For mbed TLS versions prior to 1.3.21, update to version 1.3.21 or later to resolve the issue. For mbed TLS versions 2.x prior to 2.1.9, update to version 2.1.9 or later to resolve the issue.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

ALT-PU-2017-2631

CVE-2017-14032

DSA-3967-1

MGASA-2018-0038

OPENSUSE-SU-2017:2731-1

OPENSUSE-SU-2017:2736-1

OPENSUSE-SU-2024:11043-1

Affected Products

Alt Linux

Mbed Tls

PT-2017-13212 · Arm+1 · Mbed Tls+1

CVE-2017-14032

Weakness Enumeration

Related Identifiers

Affected Products

References · 30