CPANSA-CryptX-2025-40912: CryptX vulnerability
Publisher | giterlizzi
Document category | csaf_security_advisory
Initial release date | 2025-06-11T00:00:00
Engine | CSAF Perl Toolkit 0.25
Current release date | 2025-06-11T00:00:00
Build Date |
Current version | 1
Status | final
CVSS v3.1 Base Score | 9.8
Severity |
Original language |
Language | en
Also referred to |
Vulnerability Description
CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed Unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.
Vulnerabilities
CVE-2025-40912
Vulnerability Description
CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed Unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.
Product status
Known affected
Product | Score
CryptX less than 0.065 |
Fixed
CVE-2019-17362
Vulnerability Description
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
Weakness | CWE-125: Out-of-bounds Read
Product status
Known affected
Product | Score
CryptX less than 0.065 |
Fixed
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
Revision history
Version | Date of the revision | Summary of the revision
1 | Wed Jun 11 00:00:00 2025 | First release
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/