{"id":"CVE-2017-14032","details":"ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.","modified":"2026-04-16T06:21:16.829724065Z","published":"2017-08-30T20:29:00.337Z","related":["openSUSE-SU-2017:2731-1","openSUSE-SU-2017:2736-1","openSUSE-SU-2024:11043-1"],"references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3967"},{"type":"ADVISORY","url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02"},{"type":"FIX","url":"https://bugs.debian.org/873557"},{"type":"FIX","url":"https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32"},{"type":"FIX","url":"https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/armmbed/mbedtls","events":[{"introduced":"0"},{"last_affected":"015e48df6e2f15275161012fbb2544ce0a84c752"},{"introduced":"0"},{"last_affected":"19eef51487931784ba937b24ad1e7526d94fb7f3"},{"introduced":"0"},{"last_affected":"3edec6c4edf398315b6b59e9ce26e12774095775"},{"introduced":"0"},{"last_affected":"df048c59cfdb281f1e4f4fc647decefdc9a971d2"},{"introduced":"0"},{"last_affected":"f093bde91e329f18b7fc36f16f4de06ec7f181eb"},{"introduced":"0"},{"last_affected":"1f4e08c979bee3f7d790f23c863b547487fbd2f7"},{"introduced":"0"},{"last_affected":"84181adae87f7a438ee0cc1b6caf006ae696a74b"},{"introduced":"0"},{"last_affected":"2d01f2d4c50cac7ba257ef2af791d97e9697c01c"},{"introduced":"0"},{"last_affected":"c1d54bb7b2a80d0f153fd92a13e1b901778f17d3"},{"introduced":"0"},{"last_affected":"98864d5c0b154eda7aeb2c2bffe7e7e1c97424bc"},{"introduced":"0"},{"last_affected":"8a2855ee3cf2fb3443e12233fcbbea4a9492b683"},{"introduced":"0"},{"last_affected":"a75a4591430919a6eb3d430aca396044fe3816d4"},{"introduced":"0"},{"last_affected":"4cb87f409df0ddd878ea50cfca7dc8735ee574f2"},{"introduced":"0"},{"last_affected":"0a0c22e0efcf2f8f71d7e16712f80b8f77326f72"},{"introduced":"0"},{"last_affected":"8cea8ad8b825b0bf5884054af7499f1d5c3ebeb4"},{"introduced":"0"},{"last_affected":"c4e7d8a3817bbdee218328efa9e482217038152b"},{"introduced":"0"},{"last_affected":"ef43d41f671805406fd83cdf8ec5f54b1fa12c33"},{"introduced":"0"},{"last_affected":"543e4366bc102d59623717b9053547d10605e725"},{"introduced":"0"},{"last_affected":"b998e27547f986427730f033f4d1bcd028ffd08f"},{"introduced":"0"},{"last_affected":"016a0d3b6f23130a7f26c32afb5df08efcf19967"},{"introduced":"0"},{"last_affected":"23234776994c64c08f47b6db55a593e01b71c5ef"},{"introduced":"0"},{"last_affected":"fbb9837ad56e327f22c6b155e7b2fce796723e33"},{"introduced":"0"},{"last_affected":"1fe5e8ab44ef46b582ab54db5afcb6bab180d440"},{"introduced":"0"},{"last_affected":"8254ed2a9fadede8c6bf414072f78fc78d5af61c"},{"introduced":"0"},{"last_affected":"8b4a1bdbb044cb1693fd36cc134d8a1493b69b15"},{"introduced":"0"},{"last_affected":"a7ffc8f7396573bec401e0afcc073137522d5305"},{"introduced":"0"},{"last_affected":"1a6a15c795922f05bd2ea17addf27eddcd256a15"},{"introduced":"0"},{"last_affected":"59ae96f167a19f4d04dc6db61f6587b37ccd429f"},{"introduced":"0"},{"last_affected":"f2a597fa3dd1c7b15e0fee62f6932b253295803d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.10"},{"introduced":"0"},{"last_affected":"1.3.11"},{"introduced":"0"},{"last_affected":"1.3.12"},{"introduced":"0"},{"last_affected":"1.3.13"},{"introduced":"0"},{"last_affected":"1.3.14"},{"introduced":"0"},{"last_affected":"1.3.15"},{"introduced":"0"},{"last_affected":"1.3.16"},{"introduced":"0"},{"last_affected":"1.3.17"},{"introduced":"0"},{"last_affected":"1.3.18"},{"introduced":"0"},{"last_affected":"1.3.19"},{"introduced":"0"},{"last_affected":"1.3.20"},{"introduced":"0"},{"last_affected":"1.3.21"},{"introduced":"0"},{"last_affected":"2.0.0"},{"introduced":"0"},{"last_affected":"2.1.0"},{"introduced":"0"},{"last_affected":"2.1.1"},{"introduced":"0"},{"last_affected":"2.1.2"},{"introduced":"0"},{"last_affected":"2.1.3"},{"introduced":"0"},{"last_affected":"2.1.4"},{"introduced":"0"},{"last_affected":"2.1.5"},{"introduced":"0"},{"last_affected":"2.1.6"},{"introduced":"0"},{"last_affected":"2.1.7"},{"introduced":"0"},{"last_affected":"2.1.8"},{"introduced":"0"},{"last_affected":"2.1.9"},{"introduced":"0"},{"last_affected":"2.2.0"},{"introduced":"0"},{"last_affected":"2.2.1"},{"introduced":"0"},{"last_affected":"2.3.0"},{"introduced":"0"},{"last_affected":"2.4.0"},{"introduced":"0"},{"last_affected":"2.4.2"},{"introduced":"0"},{"last_affected":"2.5.1"}]}},{"type":"GIT","repo":"https://github.com/mbed-tls/mbedtls","events":[{"introduced":"0"},{"fixed":"31458a18788b0cf0b722acda9bb2f2fe13a3fb32"},{"fixed":"d15795acd5074e0b44e71f7ede8bdfe1b48591fc"}]}],"versions":["beta-oob-2","list","mbedos-16.01-release","mbedos-16.03-release","mbedos-2016q1-oob1","mbedos-2016q1-oob2","mbedos-2016q1-oob3","mbedos-release-15-11","mbedos-techcon-oob2","mbedtls-1.3.10","mbedtls-1.3.11","mbedtls-1.3.12","mbedtls-1.3.13","mbedtls-1.3.14","mbedtls-1.3.15","mbedtls-1.3.16","mbedtls-1.3.17","mbedtls-1.3.18","mbedtls-1.3.19","mbedtls-1.3.20","mbedtls-1.3.21","mbedtls-1.3.21-rc1","mbedtls-2.0.0","mbedtls-2.1.0","mbedtls-2.1.1","mbedtls-2.1.2","mbedtls-2.1.3","mbedtls-2.1.4","mbedtls-2.1.5","mbedtls-2.1.6","mbedtls-2.1.7","mbedtls-2.1.7-rc1","mbedtls-2.1.8","mbedtls-2.1.9","mbedtls-2.1.9-rc1","mbedtls-2.2.0","mbedtls-2.2.1","mbedtls-2.3.0","mbedtls-2.4.0","mbedtls-2.4.2","mbedtls-2.4.2-rc1","mbedtls-2.5.0","mbedtls-2.5.1","polarssl-1.2.0","polarssl-1.2.1","polarssl-1.2.2","polarssl-1.2.4","polarssl-1.2.5","polarssl-1.2.6","polarssl-1.3.0","polarssl-1.3.0-rc0","polarssl-1.3.1","polarssl-1.3.2","polarssl-1.3.3","polarssl-1.3.4","polarssl-1.3.5","polarssl-1.3.6","polarssl-1.3.7","polarssl-1.3.8","polarssl-1.3.9","yotta-2.2.1","yotta-2.2.2","yotta-2.2.3","yotta-2.3.0","yotta-2.3.1"],"database_specific":{"vanir_signatures":[{"target":{"function":"mbedtls_x509_crt_verify_with_profile","file":"library/x509_crt.c"},"id":"CVE-2017-14032-5602eaa3","source":"https://github.com/mbed-tls/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc","deprecated":false,"signature_version":"v1","digest":{"length":2262,"function_hash":"23535954794933034125050730467064723164"},"signature_type":"Function"},{"id":"CVE-2017-14032-68c67a00","target":{"function":"mbedtls_strerror","file":"library/error.c"},"digest":{"length":29159,"function_hash":"289384578258587814542314141494984662847"},"deprecated":false,"source":"https://github.com/mbed-tls/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32","signature_version":"v1","signature_type":"Function"},{"id":"CVE-2017-14032-77efa648","target":{"file":"library/error.c"},"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["132424573133338098880192509041644689350","136223290653824832292330108440460395254","71226695291420032423883403561819135480","207101480763087697553560554299684203715"],"threshold":0.9},"source":"https://github.com/mbed-tls/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32","signature_type":"Line"},{"source":"https://github.com/mbed-tls/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc","id":"CVE-2017-14032-f89e6dcf","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["297508082841507766207153074088620982985","193765838583188265181447748208443829958","246008029411467398700936916418902399106","170728984395405133853399714968408782878","271212138821117569378509030157638532529","246049324344814765838357334631555737022","229676348833666410348666480313748689668","86482101448153393178407467509000579557","57218658069997918038981807154574011405","220261421346282504819318476197674000641","111667703861368524557872296946491606464","86482101448153393178407467509000579557","57218658069997918038981807154574011405","220261421346282504819318476197674000641","13388456810314230906762838641713333140","315536337083492372142446775006730033251","4270419841222123167981624894377912134","289739310754905327002609558766051706047","86482101448153393178407467509000579557","33087967539940626196069781929922405868","51190541300378967937168735493507131995","218910488878099105102794744835010694097","215431577958695108769703273527304932472"],"threshold":0.9},"target":{"file":"library/x509_crt.c"},"signature_type":"Line"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.6.2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14032.json","vanir_signatures_modified":"2026-04-11T03:57:07Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}