[Forgot Password]
Login  Register Subscribe

25354

 
 

132811

 
 

144502

 
 

909

 
 

116182

 
 

156

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2019-17362Date: (C)2019-10-10   (M)2020-02-26


In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 9.1CVSS Score : 6.4
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 5.2Impact Score: 4.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: HIGHAvailability: PARTIAL
Integrity: NONE 
Availability: HIGH 
  
Reference:
https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html
https://github.com/libtom/libtomcrypt/issues/507
https://github.com/libtom/libtomcrypt/pull/508
https://vuldb.com/?id.142995
openSUSE-SU-2019:2454
openSUSE-SU-2019:2514

CPE    1
cpe:/o:debian:debian_linux:8.0
CWE    1
CWE-125

© SecPod Technologies