PolarSSL is now part of ARM Official announcement and rebranded as mbed TLS.

mbed TLS 2.4.2, 2.1.7 and 1.3.19 released

mbed TLS 2.4.2, 2.1.7 and 1.3.19 released


mbed TLS version 2.4.2 has been released, as well as releases of the maintenance branches, mbed TLS 2.1.7 and 1.3.19.

These releases address multiple security issues, some of which can be exploited remotely. These library updates are maintenance releases and intentionally do not change the library interface, to allow users to change library versions easily.


  • (2.4, 2.1, 1.3) Adds checks to prevent signature forgeries for very large messages while using RSA through the PK module in 64-bit systems. The issue was caused by some data loss when casting a size_t to an unsigned int value in the functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and mbedtls_pk_sign(). Found by Jean-Philippe Aumasson.
  • (2.4, 2.1, 1.3) Fixes potential livelock during the parsing of a CRL in PEM format in the function mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing characters after the footer could result in the execution of an infinite loop. The issue can be triggered remotely. Found by Greg Zaverucha, Microsoft.
  • (2.4) Removes MD5 from the allowed hash algorithms for CertificateRequest and CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2. Introduced by interoperability fix for #513.
  • (2.4, 2.1, 1.3) Fixes a bug that caused freeing a buffer that was allocated on the stack, when verifying the validity of a key on secp224k1. This issue could be triggered remotely, such as with a maliciously constructed certificate and could potentially lead to remote code execution on some platforms. Reported independently by rongsaws and Aleksandar Nikolic, Cisco Talos team. #569 CVE-2017-2784
  • (2.4, 2.1, 1.3) Fixes multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin.
  • (2.4, 2.1, 1.3) Fixes potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin.
  • (2.4, 2.1, 1.3) Fixes potential arithmetic overflows in mbedtls_cipher_update() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin.
  • (2.4, 2.1, 1.3) Fixes potential arithmetic overflow in mbedtls_md2_update() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin.
  • (2.4, 2.1, 1.3) Fixes potential arithmetic overflow in mbedtls_base64_decode() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin.
  • (2.4, 2.1, 1.3) Fixes a 1 byte buffer overflow in mbedtls_mpi_write_string() when the MPI number to write in hexadecimal is negative and requires an odd number of digits. Found and fixed by Guido Vranken.


  • (2.4, 2.1, 1.3) Fixes output certificate verification flags set by x509_crt_verify_top() when traversing the chain of certificates of a trusted CA. The issue would cause both flags, MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be set when the verification conditions are not met regardless of the cause. Found by Harm Verhagen and inestlerode. #665 #561
  • (2.4, 2.1) Fixes the redefinition of macro ssl_set_bio to an undefined symbol mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it. Found by omlib-lin. #673
  • (2.4, 2.1, 1.3) Fixes unused variable/function compilation warnings in pem.c, x509_crt.c and x509_csr.c that are reported when building mbed TLS with a config.h that does not define MBEDTLS_PEM_PARSE_C. Found by omnium21. #562
  • (2.4, 2.1) Fixes incorrect renegotiation condition in ssl_check_ctr_renegotiate() that would compare 64 bits of the record counter instead of 48 bits as indicated in RFC 6347 Section 4.3.1. This could cause the execution of the renegotiation routines at unexpected times when the protocol is DTLS. Found by wariua. #687
  • (2.4, 2.1) Fixes heap overreads in mbedtls_x509_get_time(). Found by Peng Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America.
  • (2.4, 2.1, 1.3) Fixes potential memory leak in mbedtls_x509_crl_parse(). The leak was caused by missing calls to mbedtls_pem_free() in cases when a MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. Found and fix proposed by Guido Vranken. #722
  • (2.4, 2.1, 1.3) Fixes the templates used to generate project and solution files for Visual Studio 2015 as well as the files themselves, to remove a build warning generated in Visual Studio 2015. Reported by Steve Valliere. #742
  • (2.4, 2.1) Fixes a resource leak in ssl_cookie, when using MBEDTLS_THREADING_C. Raised and fix suggested by Alan Gillingham in the mbed TLS forum. #771
  • (2.4, 2.1, 1.3) Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode #555

Who should update

All users are recommended to update to one of the released versions of mbed TLS.

Users of the PolarSSL 1.2 branch are urged to upgrade to one of the maintained branches as 1.2 is now end-of-life and will no longer receive security fixes.

Download links

Get your copy here:


The hashes for files/mbedtls-2.4.2-apache.tgz are:

SHA-1: 71e0aa93e4548611fdb15af93e8b93b30c764e4c
SHA-256: 17dd98af7478aadacc480c7e4159e447353b5b2037c1b6d48ed4fd157fb1b018

The hashes for files/mbedtls-2.4.2-gpl.tgz are:

SHA-1: 011a8072b64e86b9e2ae4abeb5839f466e427c83
SHA-256: d01f2d5586a52055329d194d909103f445bd2d0b6b2b5f1c830fbf828ac6299f

The hashes for files/mbedtls-2.1.7-apache.tgz are:

SHA-1: 310e9d9ffb74595c21309d619e6e21fab8ce1a54
SHA-256: 9e84cfa6e7d10a1f763d334760bb545368881ed74937d84dba4e6952816c9769

The hashes for files/mbedtls-2.1.7-gpl.tgz are:

SHA-1: 352571eff45f0493832b8e5aba7493bf66c72b2e
SHA-256: e87817271614de638005c94083b547bcc05dd4f8881860a0409dd619c825bdda

The hashes for files/mbedtls-1.3.19-gpl.tgz are:

SHA-1: 229014b979980cf5bdea8aa00578ae2ddeb4a499
SHA-256: 59654984c5a30575142fb30ed04c2c3ac3c94f1c27843a04bce80ca111a4b00e

Like this?




Last updated:
Mar 11, 2017


Want to stay up to date?