CVE

CVE-2019-17362
Date: (C)2019-10-10   (M)2019-10-10


In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.

References:
https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html
https://github.com/libtom/libtomcrypt/issues/507
https://github.com/libtom/libtomcrypt/pull/508
https://vuldb.com/?id.142995

© SecPod Technologies