CVE-2017-14032

Name
CVE-2017-14032
Description
ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.
NVD Severity
unknown

References

Type URI
cve@mitre.org http://www.debian.org/security/2017/dsa-3967
Issue Tracking https://bugs.debian.org/873557
Issue Tracking https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32
Issue Tracking https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc
Vendor Advisory https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:arm:mbed_tls:1.3.19:*:*:*:*:*:*:* mbed_tls == None == 1.3.19
cpe:2.3:a:arm:mbed_tls:1.3.21:*:*:*:*:*:*:* mbed_tls == None == 1.3.21
cpe:2.3:a:arm:mbed_tls:2.1.7:*:*:*:*:*:*:* mbed_tls == None == 2.1.7
cpe:2.3:a:arm:mbed_tls:2.1.9:*:*:*:*:*:*:* mbed_tls == None == 2.1.9
cpe:2.3:a:arm:mbed_tls:2.4.2:*:*:*:*:*:*:* mbed_tls == None == 2.4.2
cpe:2.3:a:arm:mbed_tls:2.6.2:*:*:*:*:*:*:* mbed_tls == None == 2.6.2
cpe:2.3:a:trustedfirmware:mbed_tls:1.3.10:*:*:*:*:*:*:* mbed_tls == None == 1.3.10
cpe:2.3:a:trustedfirmware:mbed_tls:1.3.11:*:*:*:*:*:*:* mbed_tls == None == 1.3.11
cpe:2.3:a:trustedfirmware:mbed_tls:1.3.12:*:*:*:*:*:*:* mbed_tls == None == 1.3.12
cpe:2.3:a:trustedfirmware:mbed_tls:1.3.13:*:*:*:*:*:*:* mbed_tls == None == 1.3.13
cpe:2.3:a:trustedfirmware:mbed_tls:1.3.14:*:*:*:*:*:*:* mbed_tls == None == 1.3.14
cpe:2.3:a:trustedfirmware:mbed_tls:1.3.15:*:*:*:*:*:*:* mbed_tls == None == 1.3.15
cpe:2.3:a:trustedfirmware:mbed_tls:1.3.16:*:*:*:*:*:*:* mbed_tls == None == 1.3.16
cpe:2.3:a:trustedfirmware:mbed_tls:1.3.17:*:*:*:*:*:*:* mbed_tls == None == 1.3.17
cpe:2.3:a:trustedfirmware:mbed_tls:1.3.18:*:*:*:*:*:*:* mbed_tls == None == 1.3.18
cpe:2.3:a:trustedfirmware:mbed_tls:1.3.20:*:*:*:*:*:*:* mbed_tls == None == 1.3.20
cpe:2.3:a:trustedfirmware:mbed_tls:2.0.0:*:*:*:*:*:*:* mbed_tls == None == 2.0.0
cpe:2.3:a:trustedfirmware:mbed_tls:2.1.0:*:*:*:*:*:*:* mbed_tls == None == 2.1.0
cpe:2.3:a:trustedfirmware:mbed_tls:2.1.1:*:*:*:*:*:*:* mbed_tls == None == 2.1.1
cpe:2.3:a:trustedfirmware:mbed_tls:2.1.2:*:*:*:*:*:*:* mbed_tls == None == 2.1.2
cpe:2.3:a:trustedfirmware:mbed_tls:2.1.3:*:*:*:*:*:*:* mbed_tls == None == 2.1.3
cpe:2.3:a:trustedfirmware:mbed_tls:2.1.4:*:*:*:*:*:*:* mbed_tls == None == 2.1.4
cpe:2.3:a:trustedfirmware:mbed_tls:2.1.5:*:*:*:*:*:*:* mbed_tls == None == 2.1.5
cpe:2.3:a:trustedfirmware:mbed_tls:2.1.6:*:*:*:*:*:*:* mbed_tls == None == 2.1.6
cpe:2.3:a:trustedfirmware:mbed_tls:2.1.8:*:*:*:*:*:*:* mbed_tls == None == 2.1.8
cpe:2.3:a:trustedfirmware:mbed_tls:2.2.0:*:*:*:*:*:*:* mbed_tls == None == 2.2.0
cpe:2.3:a:trustedfirmware:mbed_tls:2.2.1:*:*:*:*:*:*:* mbed_tls == None == 2.2.1
cpe:2.3:a:trustedfirmware:mbed_tls:2.3.0:*:*:*:*:*:*:* mbed_tls == None == 2.3.0
cpe:2.3:a:trustedfirmware:mbed_tls:2.4.0:*:*:*:*:*:*:* mbed_tls == None == 2.4.0
cpe:2.3:a:trustedfirmware:mbed_tls:2.5.1:*:*:*:*:*:*:* mbed_tls == None == 2.5.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
mbedtls2 edge-community 2.6.0-r0 None fixed
mbedtls2 3.22-community 2.6.0-r0 None fixed
mbedtls2 3.21-community 2.6.0-r0 None fixed
mbedtls2 3.20-community 2.6.0-r0 None fixed
mbedtls edge-main 2.6.0-r0 None fixed
mbedtls 3.22-main 2.6.0-r0 None fixed
mbedtls 3.21-main 2.6.0-r0 None fixed
mbedtls 3.20-main 2.6.0-r0 None fixed
mbedtls 3.19-main 2.6.0-r0 None fixed
mbedtls 3.18-main 2.6.0-r0 None fixed
mbedtls 3.17-main 2.6.0-r0 None fixed
mbedtls 3.12-main 2.6.0-r0 None fixed
mbedtls 3.11-main 2.6.0-r0 None fixed
mbedtls 3.10-main 2.6.0-r0 None fixed