CVE-2017-14032

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-14032
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14032.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-14032
Published
2017-08-30T20:29:00Z
Modified
2025-10-23T14:02:27.351241Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.

Affected packages

Git / github.com/armmbed/mbedtls

Affected ranges

Type
GIT
Repo
https://github.com/armmbed/mbedtls
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Git / github.com/mbed-tls/mbedtls

Affected ranges

Type
GIT
Repo
https://github.com/mbed-tls/mbedtls
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

Other

beta-oob-2
list
mbedos-2016q1-oob1
mbedos-2016q1-oob2
mbedos-2016q1-oob3
mbedos-release-15-11
mbedos-techcon-oob2

mbedos-16.*

mbedos-16.01-release
mbedos-16.03-release

mbedtls-1.*

mbedtls-1.3.10
mbedtls-1.4-dtls-preview

mbedtls-2.*

mbedtls-2.0.0
mbedtls-2.1.0
mbedtls-2.1.1
mbedtls-2.1.2
mbedtls-2.2.0
mbedtls-2.2.1
mbedtls-2.3.0
mbedtls-2.4.0
mbedtls-2.5.0
mbedtls-2.5.1

polarssl-1.*

polarssl-1.2.0
polarssl-1.2.1
polarssl-1.2.2
polarssl-1.2.3
polarssl-1.2.4
polarssl-1.2.5
polarssl-1.2.6
polarssl-1.3.0
polarssl-1.3.0-rc0
polarssl-1.3.1
polarssl-1.3.2
polarssl-1.3.3
polarssl-1.3.4
polarssl-1.3.5
polarssl-1.3.6
polarssl-1.3.7
polarssl-1.3.8
polarssl-1.3.9

yotta-2.*

yotta-2.2.1
yotta-2.2.2
yotta-2.2.3
yotta-2.3.0
yotta-2.3.1

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/mbed-tls/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc",
        "target": {
            "function": "mbedtls_x509_crt_verify_with_profile",
            "file": "library/x509_crt.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2017-14032-5602eaa3",
        "signature_type": "Function",
        "digest": {
            "length": 2262.0,
            "function_hash": "23535954794933034125050730467064723164"
        }
    },
    {
        "source": "https://github.com/mbed-tls/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32",
        "target": {
            "function": "mbedtls_strerror",
            "file": "library/error.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2017-14032-68c67a00",
        "signature_type": "Function",
        "digest": {
            "length": 29159.0,
            "function_hash": "289384578258587814542314141494984662847"
        }
    },
    {
        "source": "https://github.com/mbed-tls/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32",
        "target": {
            "file": "library/error.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2017-14032-77efa648",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "132424573133338098880192509041644689350",
                "136223290653824832292330108440460395254",
                "71226695291420032423883403561819135480",
                "207101480763087697553560554299684203715"
            ],
            "threshold": 0.9
        }
    },
    {
        "source": "https://github.com/mbed-tls/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc",
        "target": {
            "file": "library/x509_crt.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2017-14032-f89e6dcf",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        }
    }
]