Mbed TLS is now part of TrustedFirmware.org.

mbed TLS 2.1.2 and 1.3.14, and PolarSSL 1.2.17 released


The maintenance releases mbed TLS 2.1.2 and 1.3.14, and PolarSSL 1.2.17, for the 2.x, 1.3 and 1.2 branches have been published.

These releases mainly fix a remotely exploitable vulnerability, as well as other vulnerabilities that are not exploitable remotely, and a few other bugs.


Guido Vranken of Intelworks has found and reported a total of 8 potential vulnerabilities that have been fixed in these releases. The most important issue is detailed in mbed TLS security advisory 2015-01 and can potentially result in a remote code execution if a client connects to a malicious server using ticket-based session resumption.

Other fixes include:

  • Potential double-free if mbedtls_ssl_set_hs_psk() is called more than once in the same handshake and mbedtls_ssl_conf_psk() was used
  • Stack buffer overflow in PKCS12 decryption (used by mbedtls_pk_parse_key(file)()) when the password is > 129 bytes
  • Potential buffer overflow in mbedtls_mpi_read_string(). This is not exploitable remotely in the context of TLS, but it may be in other protocols. On 32 bit machines, this would require reading a string of close to or larger than 1GB of data to exploit; on 64 bit machines, it would require reading a string of close to or larger than 2^62 bytes
  • Potential random memory allocation in mbedtls_pem_read_buffer() on crafted PEM input data. Triggerable remotely if you accept PEM data from an untrusted source
  • Potential heap buffer overflow in base64_encode() when the input buffer is 512MB or larger on 32-bit platforms
  • Potential double-free if mbedtls_conf_psk() is called repeatedly on the same mbedtls_ssl_config object and memory allocation fails
  • Potential heap buffer overflow in servers that perform client authentication against a crafted CA cert. Cannot be triggered remotely unless you allow third parties to pick trust CAs for client auth

Bug fixes

In addition two build errors were fixed: one when building net.c with the musl C library, the other when building with MSVC in C++ mode.


In addition to checking bounds when writing ClientHello extensions, we now also enforce a limit of 255 bytes (as defined by RFC 1305) on the host name in mbedtls_ssl_set_hostname().

Who should update

We recommend all client-side users upgrade.

Alternatively, you should implement the workaround described in mbed TLS security advisory 2015-01 and check if the other vulnerabilities apply to your uses case.

Download links

Get your copy here:


The hashes for mbedtls-2.1.2-apache.tgz are:

SHA-1  : c99dfeaa27489f0e74e704e69a181f6ceb3db2a7
SHA-256 : ce57cb9085f976ffde945af7e8cec058a66ad181a96fd228fbcbc485213a7c58

The hashes for mbedtls-2.1.2-gpl.tgz are:

SHA-1  : 44c4b71971a68086bb4d68b82688015812fd3962
SHA-256 : 0dcca471d1f76352af5e26d64880ef6a30963ad6474a78c0d8e7fbb6dd691fa4  

The hashes for mbedtls-1.3.14-gpl.tgz are:

SHA-1  : 690ae3cc3da82cfc5530f5cb1f82bec0c778b5dc
SHA-256 : be76915bc406b4c4109629624baa5bf610a805d9976404e4086d44e5e6c86ff8 

The hashes for polarssl-1.2.17-gpl.tgz are:

SHA-1 : 09c34c5eb1e5e6df565be9fdce0a7bd3e86dd579
SHA-256 : 9301d4ebec3eb45bc9f28f2d79bfdb0c3dd351c386aa6cc66643e1b2be274d52 

Like this?




Last updated:
Oct 7, 2015


Want to stay up to date?

To sign up for Mbed TLS news, log in to or create an Mbed account and update your marketing preferences.