CVE-2019-17362
Published: Oct 9, 2019
Modified: Nov 15, 2024
PUBLISHED
Description
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
openSUSE-SU-2019:2454 (vendor-advisory)
openSUSE-SU-2019:2514 (vendor-advisory)
FEDORA-2023-1f0ac1260e (vendor-advisory)
FEDORA-2023-b4b9b38f23 (vendor-advisory)