ALT-PU-2023-8082-3
Package libtomcrypt updated to version 1.18.2-alt4 for branch c9f2 in task 336551.
Closed vulnerabilities
Published: 2019-10-09
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-17362
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
Severity: CRITICAL (9.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References:
- openSUSE-SU-2019:2454
- openSUSE-SU-2019:2454
- openSUSE-SU-2019:2514
- openSUSE-SU-2019:2514
- https://github.com/libtom/libtomcrypt/issues/507
- https://github.com/libtom/libtomcrypt/issues/507
- https://github.com/libtom/libtomcrypt/pull/508
- https://github.com/libtom/libtomcrypt/pull/508
- [debian-lts-announce] 20191009 [SECURITY] [DLA 1951-1] libtomcrypt security update
- [debian-lts-announce] 20191009 [SECURITY] [DLA 1951-1] libtomcrypt security update
- FEDORA-2023-b4b9b38f23
- FEDORA-2023-b4b9b38f23
- FEDORA-2023-1f0ac1260e
- FEDORA-2023-1f0ac1260e
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/47YP5SXQ4RY6KMTK2HI5ZZR244XKRMCZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU5OMCY3PX54YVI4FMNDEENHDJZJ3RJW/
- https://vuldb.com/?id.142995
- https://vuldb.com/?id.142995