High severity8.1NVD Advisory· Published Aug 30, 2017· Updated May 13, 2026
CVE-2017-14032
CVE-2017-14032
Description
ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.
Affected products
30cpe:2.3:a:arm:mbed_tls:1.3.10:*:*:*:*:*:*:*+ 29 more
- cpe:2.3:a:arm:mbed_tls:1.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:1.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:1.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:1.3.13:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:1.3.14:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:1.3.15:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:1.3.16:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:1.3.17:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:1.3.18:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:1.3.19:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:1.3.20:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:1.3.21:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:2.6.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- bugs.debian.org/873557nvdIssue TrackingPatchThird Party Advisory
- github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32nvdIssue TrackingPatchThird Party Advisory
- github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fcnvdIssue TrackingPatchThird Party Advisory
- tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02nvdVendor Advisory
- www.debian.org/security/2017/dsa-3967nvd
News mentions
0No linked articles in our index yet.