VYPR
High severity8.1NVD Advisory· Published Aug 30, 2017· Updated Jun 17, 2026

CVE-2017-14032

CVE-2017-14032

Description

ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

34
  • Arm/MbedTLS31 versions
    cpe:2.3:a:arm:mbed_tls:1.3.19:*:*:*:*:*:*:*+ 30 more
    • cpe:2.3:a:arm:mbed_tls:1.3.19:*:*:*:*:*:*:*
    • cpe:2.3:a:arm:mbed_tls:1.3.21:*:*:*:*:*:*:*
    • cpe:2.3:a:arm:mbed_tls:2.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:arm:mbed_tls:2.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:arm:mbed_tls:2.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:arm:mbed_tls:2.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:1.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:1.3.11:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:1.3.12:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:1.3.13:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:1.3.14:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:1.3.15:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:1.3.16:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:1.3.17:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:1.3.18:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:1.3.20:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:2.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:2.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:2.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:2.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:2.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:2.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:trustedfirmware:mbed_tls:2.5.1:*:*:*:*:*:*:*
    • (no CPE)range: <1.3.21, <2.1.9
  • osv-coords3 versions
    < 2.27.0-1.2+ 2 more
    • (no CPE)range: < 2.27.0-1.2
    • (no CPE)range: < 3.6.6-1.1
    • (no CPE)range: < 1.3.19-8.1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.