CVE-2014-8627

CVE-2014-8627

EPSS 2.1%

PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html http://secunia.com/advisories/61220 https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released