Vulnerability CVE-2019-17362: Information
Description
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
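The defect class described above is a UTF-8 decoder that trusts the length announced by a lead byte (or accepts a stray continuation byte as a lead) without checking it against the bytes actually remaining in the DER payload, so a crafted UTF8String walks the decoder past the end of the buffer. The following C program is an added illustration, not LibTomCrypt's code and not the patched der_decode_utf8_string(): it parses a minimal DER UTF8String (tag 0x0C, definite length, payload) and validates the payload with a strict UTF-8 decoder that bounds-checks every read before it happens and rejects stray continuation bytes, overlong forms, surrogates and values above U+10FFFF. The function names, status codes and sample inputs are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Status codes for the strict decoder (names chosen for this example). */
enum utf8_status { UTF8_OK = 0, UTF8_TRUNCATED = 1, UTF8_INVALID = 2 };

/*
 * Decode one UTF-8 scalar value from in[0..inlen).  On success stores the
 * code point in *cp and the bytes consumed in *used.  The length implied by
 * the lead byte is checked against inlen BEFORE any continuation byte is
 * read, so a sequence cut short by the end of the buffer yields
 * UTF8_TRUNCATED instead of an out-of-bounds read.
 */
static enum utf8_status utf8_decode_one(const uint8_t *in, size_t inlen,
                                        uint32_t *cp, size_t *used)
{
    uint8_t b0;
    size_t need = 0, i;
    uint32_t v = 0, min = 0;

    if (inlen == 0) return UTF8_TRUNCATED;
    b0 = in[0];

    if (b0 < 0x80) { *cp = b0; *used = 1; return UTF8_OK; }   /* ASCII */
    else if (b0 < 0xC2) return UTF8_INVALID;  /* 80..BF: stray continuation; C0/C1: overlong lead */
    else if (b0 < 0xE0) { need = 1; v = b0 & 0x1F; min = 0x80;    }
    else if (b0 < 0xF0) { need = 2; v = b0 & 0x0F; min = 0x800;   }
    else if (b0 < 0xF5) { need = 3; v = b0 & 0x07; min = 0x10000; }
    else return UTF8_INVALID;                 /* F5..FF are never valid lead bytes */

    if (inlen < need + 1) return UTF8_TRUNCATED;   /* the bounds check the advisory is about */

    for (i = 1; i <= need; i++) {
        if ((in[i] & 0xC0) != 0x80) return UTF8_INVALID;   /* continuation must be 10xxxxxx */
        v = (v << 6) | (in[i] & 0x3F);
    }

    if (v < min) return UTF8_INVALID;                      /* overlong encoding */
    if (v >= 0xD800 && v <= 0xDFFF) return UTF8_INVALID;   /* UTF-16 surrogate */
    if (v > 0x10FFFF) return UTF8_INVALID;                 /* beyond the Unicode range */

    *cp = v;
    *used = need + 1;
    return UTF8_OK;
}

/* Validate a whole buffer: number of scalar values, or -1 if any sequence is bad. */
long utf8_count_scalars(const uint8_t *in, size_t inlen)
{
    size_t pos = 0;
    long n = 0;
    while (pos < inlen) {
        uint32_t cp;
        size_t used;
        if (utf8_decode_one(in + pos, inlen - pos, &cp, &used) != UTF8_OK) return -1;
        pos += used;
        n++;
    }
    return n;
}

/*
 * Minimal DER UTF8String decoder: tag 0x0C, definite length (short or long
 * form), payload.  Returns the number of scalar values in the payload, or -1
 * if the TLV does not fit the buffer or the payload is not valid UTF-8.
 * Simplified illustration only (it does not enforce DER's minimal-length
 * rule); not LibTomCrypt's der_decode_utf8_string().
 */
long der_utf8string_count(const uint8_t *in, size_t inlen)
{
    size_t pos, len = 0, nbytes, i;

    if (inlen < 2 || in[0] != 0x0C) return -1;
    pos = 1;
    if (in[pos] < 0x80) {
        len = in[pos++];                      /* short form: one length byte */
    } else {
        nbytes = in[pos++] & 0x7F;            /* long form: number of length bytes */
        if (nbytes == 0 || nbytes > sizeof(size_t) || nbytes > inlen - pos) return -1;
        for (i = 0; i < nbytes; i++) len = (len << 8) | in[pos++];
    }
    if (len > inlen - pos) return -1;         /* declared length must fit the buffer */
    return utf8_count_scalars(in + pos, len);
}

int main(void)
{
    /* Constructed samples: one well-formed UTF8String and three malformed ones. */
    static const uint8_t ok[]        = { 0x0C, 0x06, 'a', 0xC3, 0xA9, 0xE2, 0x82, 0xAC }; /* "a", U+00E9, U+20AC */
    static const uint8_t too_long[]  = { 0x0C, 0x09, 'a', 'b' };                         /* length exceeds buffer */
    static const uint8_t cut[]       = { 0x0C, 0x02, 0xE2, 0x82 };                       /* 3-byte sequence, 2 present */
    static const uint8_t surrogate[] = { 0x0C, 0x03, 0xED, 0xA0, 0x80 };                 /* encodes U+D800 */

    printf("ok        -> %ld\n", der_utf8string_count(ok, sizeof ok));
    printf("too_long  -> %ld\n", der_utf8string_count(too_long, sizeof too_long));
    printf("cut       -> %ld\n", der_utf8string_count(cut, sizeof cut));
    printf("surrogate -> %ld\n", der_utf8string_count(surrogate, sizeof surrogate));
    return 0;
}
```

The two checks that matter for this advisory are the `inlen < need + 1` test before the continuation loop and the `len > inlen - pos` test in the TLV parser: the first stops a lead byte from promising more bytes than the payload holds, the second stops the DER length from promising more payload than the buffer holds. Either one missing is enough for a crafted input to drive reads past the end of the data.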
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
libtomcrypt | sisyphus | 1.18.2-alt3 | 1.18.2-alt4 | ALT-PU-2020-3466-1 | 263073 | Fixed |
libtomcrypt | p10 | 1.18.2-alt3 | 1.18.2-alt4 | ALT-PU-2020-3466-1 | 263073 | Fixed |
libtomcrypt | p9 | 1.18.2-alt3 | 1.18.2-alt3 | ALT-PU-2020-3486-1 | 263098 | Fixed |
libtomcrypt | c10f1 | 1.18.2-alt3 | 1.18.2-alt4 | ALT-PU-2020-3466-1 | 263073 | Fixed |
libtomcrypt | c9f2 | 1.18.2-alt4 | 1.18.2-alt4 | ALT-PU-2023-8082-3 | 336551 | Fixed |
libtomcrypt | p11 | 1.18.2-alt3 | 1.18.2-alt4 | ALT-PU-2020-3466-1 | 263073 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/libtom/libtomcrypt/pull/508 | |
https://github.com/libtom/libtomcrypt/issues/507 | |
https://vuldb.com/?id.142995 | |
[debian-lts-announce] 20191009 [SECURITY] [DLA 1951-1] libtomcrypt security update | |
openSUSE-SU-2019:2454 | |
openSUSE-SU-2019:2514 | |
FEDORA-2023-1f0ac1260e | |
FEDORA-2023-b4b9b38f23 | |