vulnerability

FreeBSD: mbedTLS/PolarSSL -- SLOTH attack on TLS 1.2 server authentication

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:C/I:N/A:N)	Jan 4, 2016	Jan 8, 2016	Feb 19, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:N)

Published

Jan 4, 2016

Added

Jan 8, 2016

Modified

Feb 19, 2025

Description

ARM Limited reports:

MD5 handshake signatures in TLS 1.2 are vulnerable to the SLOTH attack
on TLS 1.2 server authentication. They have been disabled by default.
Other attacks from the SLOTH paper do not apply to any version of mbed
TLS or PolarSSL.

Solution(s)

freebsd-upgrade-package-mbedtlsfreebsd-upgrade-package-polarssl13

References

URL-https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today