The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL prior to 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle malicious users to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
polarssl polarssl 0.10.1 |
||
polarssl polarssl 0.10.0 |
||
polarssl polarssl |
||
polarssl polarssl 0.11.1 |
||
polarssl polarssl 0.11.0 |
||
polarssl polarssl 0.13.1 |
||
polarssl polarssl 0.12.1 |
||
polarssl polarssl 0.12.0 |