vulnerability
FreeBSD: VID-4084168e-b531-11e5-a98c-0011d823eebd: mbedTLS/PolarSSL -- SLOTH attack on TLS 1.2 server authentication
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Jan 7, 2016 | Jan 8, 2016 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Jan 7, 2016
Added
Jan 8, 2016
Modified
Dec 10, 2025
Description
ARM Limited reports: MD5 handshake signatures in TLS 1.2 are vulnerable to the SLOTH attack on TLS 1.2 server authentication. They have been disabled by default. Other attacks from the SLOTH paper do not apply to any version of mbed TLS or PolarSSL.
Solutions
freebsd-upgrade-package-polarssl13freebsd-upgrade-package-mbedtls
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.