Unrated severityNVD Advisory· Published Jun 20, 2012· Updated Apr 29, 2026

CVE-2011-1923

Description

The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095.

Affected products

Polarssl/Polarssl8 versions
cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*range: <=0.14.0
- cpe:2.3:a:polarssl:polarssl:0.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:0.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:0.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:0.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:0.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:0.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:0.13.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

polarssl.org/trac/wiki/SecurityAdvisory201101nvdVendor Advisory
www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdfnvd
www.nessus.org/plugins/index.phpnvd
www.securityfocus.com/bid/46670nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000