Libtom - Libtomcrypt CVE

Filtered by vendor Libtom Subscribe

Filtered by product Libtomcrypt

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-17362	2 Debian, Libtom	2 Debian Linux, Libtomcrypt	2023-12-14	6.4 MEDIUM	9.1 CRITICAL
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.

Vulnerabilities (CVE)