CVE-2014-8627

CVE-2014-8627

EPSS 2.1%

PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html http://secunia.com/advisories/61220 https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released