PolarSSL is now part of ARM (see the official announcement) and has been rebranded as mbed TLS.

Security Center

Security Disclosures

We disclose all security issues we find, or are advised of, that are relevant to mbed TLS. We encourage responsible disclosure and try to inform our users as well as possible about every known issue. Do you think something relevant is missing here? Please let us know! Found a security bug? Jump to our Bug Bounty Program!

Subscribe to our mailing list

All mbed TLS and PolarSSL security advisories are announced here and on the mailing list 'Security Advisories'.

Known vulnerabilities

CVE stands for Common Vulnerabilities and Exposures. A CVE identifier is a unique number that can be used across security advisories from different vendors to refer to the same issue. The following CVE identifiers are known to involve mbed TLS and PolarSSL:

| mbed TLS / PolarSSL Advisory | CVE Identifier | Issue title | Fixed in |
|---|---|---|---|
| 2011-01 | CVE-2011-1923 | Possible man in the middle in Diffie-Hellman key exchange | 0.14.2, 1.0.0 |
| 2011-02 | CVE-2011-4574 | Weak random number generation within virtualized environments | 1.1.0 |
| 2012-01 | CVE-2012-2130 | Weak Diffie-Hellman and RSA key generation | 1.1.2 |
| 2013-01 | CVE-2013-0169 | Lucky thirteen - timing side channel during decryption | 1.1.6, 1.2.6 |
| | CVE-2013-1621 | Denial of Service in SSL Module | 1.2.5 |
| 2013-02 | Unknown | RC4 ciphersuites in SSL and TLS vulnerable | Not solvable |
| | CVE-2013-1622 | False warning, not an issue in a numbered release | |
| 2013-03 | CVE-2013-4623 | Denial of Service through Certificate message during handshake | 1.1.7, 1.2.8 |
| 2013-04 | CVE-2013-5914 | Buffer overflow in ssl_read_record() | 1.1.8, 1.2.9, 1.3.0 |
| 2013-05 | CVE-2013-5915 | Timing Attack against protected RSA-CRT implementation used in PolarSSL | 1.2.9, 1.3.0 |
| 2014-01 | CVE-2014-0160 | Heartbleed Bug | Not affected |
| 2014-02 | CVE-2014-4911 | Denial of Service against GCM-enabled entities | 1.2.11, 1.3.8 |
| 2014-03 | CVE-2014-3566 | POODLE attack on SSLv3 | Not affected |
| 2014-04 | CVE-2015-1182 | Remote attack using crafted certificates | 1.2.13, 1.3.10 |
| 2015-01 | CVE-2015-5291 | Remote attack on clients using session tickets or SNI | 1.2.17, 1.3.14, 2.1.2 |

Known attacks

We are building a repository of all known relevant attacks on SSL and on cryptographic components in general, as well as on the implementation within mbed TLS specifically. Many items are still missing. Please help us make this repository complete by sending omissions to us at: attacks at polarssl dot org (or via the contact form). The following attacks are known to be relevant to SSL / cryptography in general or to mbed TLS / PolarSSL specifically:

| Year | Title | Targets | Download |
|---|---|---|---|
| 2014 | Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations | X.509 certificate handling | shmat_oak14.pdf |
| 2013 | Timing Attack against protected RSA-CRT implementation used in PolarSSL | RSA | ctrsa13.pdf |
| 2013 | Lucky13: Breaking the TLS and DTLS Record Protocols | CBC padding in SSL/TLS/DTLS | TLStiming.pdf |
| 2013 | On the Security of RC4 in TLS and WPA | RC4 in TLS | RC4biases.pdf |
| 2005 | Improving Brumley and Boneh timing attack on unprotected SSL implementation | RSA | c36.pdf |
| 2003 | Remote timing attacks are practical | RSA | ssl-timing.pdf |
| 2000 | A Timing Attack against RSA with the Chinese Remainder Theorem | RSA | WSchindler-RSA_Timing_Attack.pdf |