Vulnerability CVE-2019-17362: Information

Description

In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
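To make the bug class concrete, the following is an added example written for this page; it is not LibTomCrypt's der_decode_utf8_string code and does not reproduce its exact logic. Both decoders take the body of a DER UTF8String (tag and length octets already stripped) and emit code points. The unsafe one derives a sequence's length from its lead byte and reads that many continuation bytes without checking that they lie inside `inlen`, which is the kind of out-of-bounds read the advisory describes; the safe one checks the remaining length first and also rejects overlong, surrogate and out-of-range encodings. The sample inputs are constructed; the bytes after the truncated string stand in for whatever follows it in memory and exist only so the demonstration itself stays free of undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int (*decoder_fn)(const uint8_t *in, size_t inlen,
                          uint32_t *out, size_t outlen, size_t *touched);

/* Continuation bytes implied by a lead byte; -1 if the byte cannot start a
 * sequence (a stray continuation byte, or 0xF8..0xFF). */
static int lead_extra(uint8_t b)
{
    if (b < 0x80)           return 0;
    if ((b & 0xE0) == 0xC0) return 1;
    if ((b & 0xF0) == 0xE0) return 2;
    if ((b & 0xF8) == 0xF0) return 3;
    return -1;
}

/* Reads in[idx] and records one past the highest index read, so a caller can
 * tell whether a decoder stepped beyond the length it was given. */
static uint8_t peek(const uint8_t *in, size_t idx, size_t *touched)
{
    if (idx + 1 > *touched) *touched = idx + 1;
    return in[idx];
}

/* Shared body; check_bounds selects the vulnerable or the fixed behaviour.
 * Returns the number of code points written, or -1 on a detected error. */
static int decode(const uint8_t *in, size_t inlen, uint32_t *out,
                  size_t outlen, size_t *touched, int check_bounds)
{
    size_t y = 0, n = 0;
    *touched = 0;
    while (y < inlen) {
        uint8_t b = peek(in, y++, touched);
        int extra = lead_extra(b);
        if (extra < 0) return -1;
        uint32_t cp = extra ? (uint32_t)(b & (0x3F >> extra)) : b;
        /* The fix: a lead byte must leave room for its continuation bytes. */
        if (check_bounds && (size_t)extra > inlen - y) return -1;
        for (int i = 0; i < extra; i++) {
            uint8_t c = peek(in, y++, touched);  /* unchecked: may be past inlen */
            if ((c & 0xC0) != 0x80) return -1;
            cp = (cp << 6) | (c & 0x3F);
        }
        if (check_bounds) {
            static const uint32_t min_cp[4] = { 0, 0x80, 0x800, 0x10000 };
            if (cp < min_cp[extra]) return -1;            /* overlong form */
            if (cp >= 0xD800 && cp <= 0xDFFF) return -1;  /* UTF-16 surrogate */
            if (cp > 0x10FFFF) return -1;                 /* beyond Unicode */
        }
        if (n == outlen) return -1;
        out[n++] = cp;
    }
    return (int)n;
}

int decode_utf8_unsafe(const uint8_t *in, size_t inlen, uint32_t *out,
                       size_t outlen, size_t *touched)
{ return decode(in, inlen, out, outlen, touched, 0); }

int decode_utf8_safe(const uint8_t *in, size_t inlen, uint32_t *out,
                     size_t outlen, size_t *touched)
{ return decode(in, inlen, out, outlen, touched, 1); }

/* Constructed sample: the string body is the 3 bytes "OK" + 0xE2, a lead byte
 * whose two continuation bytes are missing. Bytes after index 2 are sentinels. */
static const uint8_t truncated[] = { 'O', 'K', 0xE2, 0x80, 0x80, 0x00, 0x00 };
#define TRUNCATED_LEN 3

/* Bytes a decoder reads past the declared length of `truncated` (0 = none). */
size_t overrun_bytes(decoder_fn dec)
{
    uint32_t out[8];
    size_t touched = 0;
    dec(truncated, TRUNCATED_LEN, out, 8, &touched);
    return touched > TRUNCATED_LEN ? touched - TRUNCATED_LEN : 0;
}

/* 1 if the safe decoder accepts constructed valid input "A", U+00E9, U+20AC. */
int safe_decodes_valid(void)
{
    static const uint8_t ok[] = { 0x41, 0xC3, 0xA9, 0xE2, 0x82, 0xAC };
    uint32_t out[8];
    size_t touched;
    int n = decode_utf8_safe(ok, sizeof ok, out, 8, &touched);
    return n == 3 && out[0] == 0x41 && out[1] == 0xE9 && out[2] == 0x20AC
           && touched == sizeof ok;
}

/* 1 if the safe decoder rejects the overlong encoding C0 80 of U+0000. */
int safe_rejects_overlong(void)
{
    static const uint8_t bad[] = { 0xC0, 0x80 };
    uint32_t out[8];
    size_t touched;
    return decode_utf8_safe(bad, sizeof bad, out, 8, &touched) == -1;
}

int main(void)
{
    printf("unsafe decoder read %zu byte(s) past the string\n",
           overrun_bytes(decode_utf8_unsafe));
    printf("safe decoder read %zu byte(s) past the string\n",
           overrun_bytes(decode_utf8_safe));
    printf("valid input accepted: %d, overlong rejected: %d\n",
           safe_decodes_valid(), safe_rejects_overlong());
    return 0;
}
```

The unsafe decoder not only reads two bytes beyond the declared string but, because the sentinels happen to be valid continuation bytes, returns a code point assembled from them, which is the "read information from other memory locations" outcome; against a real buffer boundary the same read is undefined behaviour and typically a crash. The single remaining-length check is what closes the hole; the overlong and surrogate rejections are the rest of what "properly detect invalid UTF-8 sequences" entails.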

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Published: Oct. 9, 2019
Modified: Dec. 14, 2023
Error type identifier: CWE-125 (Out-of-bounds Read)

Fixed packages

Package name   Branch     Fixed in version   Version from repository   Errata ID            Task #   State
libtomcrypt    sisyphus   1.18.2-alt3        1.18.2-alt4               ALT-PU-2020-3466-1   263073   Fixed
libtomcrypt    p10        1.18.2-alt3        1.18.2-alt4               ALT-PU-2020-3466-1   263073   Fixed
libtomcrypt    p9         1.18.2-alt3        1.18.2-alt3               ALT-PU-2020-3486-1   263098   Fixed
libtomcrypt    c10f1      1.18.2-alt3        1.18.2-alt4               ALT-PU-2020-3466-1   263073   Fixed
libtomcrypt    c9f2       1.18.2-alt4        1.18.2-alt4               ALT-PU-2023-8082-3   336551   Fixed
libtomcrypt    p11        1.18.2-alt3        1.18.2-alt4               ALT-PU-2020-3466-1   263073   Fixed

Affected configurations (CPE match data)

    Configuration 1

      cpe:2.3:a:libtom:libtomcrypt:*:*:*:*:*:*:*:*
      versions up to and including 1.18.2

    Configuration 2

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*