CPANSA-Net-Dropbear-2019-17362: Net-Dropbear vulnerability
Publisher | giterlizzi | Document category | csaf_security_advisory |
---|---|---|---|
Initial release date | 2019-10-09T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
Current release date | 2019-10-09T00:00:00 | Build Date | |
Current version | 1 | Status | final |
CVSS v3.1 Base Score | 9.1 | Severity | Critical |
Original language | Language | en | |
Also referred to |
Vulnerability Description
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
Vulnerabilities
CVE-2019-17362
Vulnerability DescriptionIn LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
Weakness | CWE-125 : Out-of-bounds Read |
---|
Product status
Known affected
Product | Score | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Net-Dropbear less than 0 |
|
Fixed
- Net-Dropbear greater than 0
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-Net-Dropbear-2019-17362 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2019/cpansa-net-dropbear-2019-17362.json - https://github.com/atrodo/Net-Dropbear/issues/6 external
https://github.com/atrodo/Net-Dropbear/issues/6 - https://github.com/libtom/libtomcrypt/pull/508 external
https://github.com/libtom/libtomcrypt/pull/508 - https://github.com/libtom/libtomcrypt/issues/507 external
https://github.com/libtom/libtomcrypt/issues/507 - https://vuldb.com/?id.142995 external
https://vuldb.com/?id.142995 - https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html external
https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html - http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00020.html external
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00020.html - http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00041.html external
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00041.html - CVE-2019-17362 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2019-17362
Revision history
Version | Date of the revision | Summary of the revision |
---|---|---|
1 | Wed Oct 9 00:00:00 2019 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/