Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMFDEEC5DABBDF7B01B8BF83AD048005182C6F91B02B13C7A273A7E522120BB5A3
HistoryDec 03, 2020 - 5:11 p.m.

Security Bulletin: Trusteer Mobile SDK is vulnerable to CVE-2019-17362

2020-12-0317:11:01
www.ibm.com
23

0.018 Low

EPSS

Percentile

88.3%

JSON

Summary

Trusteer Mobile SDK which uses libtomcrypto lib is vulnerable to a denial of service issue. IBM has addressed the issue in the latest version of the SDK.

Vulnerability Details

CVEID:CVE-2019-17362
**DESCRIPTION:**LibTomCrypt is vulnerable to a denial of service, caused by the failure to properly detect certain invalid UTF-8 sequences in der_decode_utf8_string function in der_decode_utf8_string.c. By providing crafted DER-encoded data, a remote attacker could exploit this vulnerability to cause the application to crash or obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169106 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
Trusteer iOS SDK for mobile All

Remediation/Fixes

IBM backported the fix into the SDK.

The updated version can be download from the IBM Trusteer Customer Portal:

<https://trusteersupport.force.com/Support&gt;

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security trusteer mobile sdkeq5.2

Related

openvas 13
suse 2
redhatcve 1
nessus 14
mageia 1
osv 3
prion 1
fedora 2
alpinelinux 1
cvelist 1
debian 1
debiancve 1
ubuntu 1
cve 1
ubuntucve 1
veracode 1
cbl_mariner 2
nvd 1
openvas
openvas
Debian: Security Advisory (DLA-1951-1)
2019-10-10 00:00:00
Huawei EulerOS: Security Advisory for libtomcrypt (EulerOS-SA-2021-2181)
2021-07-13 00:00:00
Mageia: Security Advisory (MGASA-2020-0028)
2022-01-28 00:00:00
suse
suse
Security update for libtomcrypt (moderate)
2019-11-09 00:00:00
Security update for libtomcrypt (moderate)
2019-11-15 00:00:00
redhatcve
redhatcve
CVE-2019-17362
2019-11-21 15:07:30
nessus
nessus
EulerOS 2.0 SP9 : libtomcrypt (EulerOS-SA-2021-2273)
2021-08-09 00:00:00
EulerOS 2.0 SP9 : libtomcrypt (EulerOS-SA-2021-2247)
2021-08-09 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM : LibTomCrypt vulnerability (USN-4868-1)
2023-10-16 00:00:00
mageia
mageia
Updated libtomcrypt packages fix security vulnerability
2020-01-12 02:52:04
osv
osv
libtomcrypt - security update
2019-10-09 00:00:00
libtomcrypt vulnerability
2021-03-15 22:56:32
CVE-2019-17362
2019-10-09 01:15:10
prion
prion
Out-of-bounds
2019-10-09 01:15:00
fedora
fedora
[SECURITY] Fedora 38 Update: perl-CryptX-0.080-1.fc38
2023-12-14 01:52:41
[SECURITY] Fedora 39 Update: perl-CryptX-0.080-1.fc39
2023-12-14 01:33:27
alpinelinux
alpinelinux
CVE-2019-17362
2019-10-09 01:15:10
cvelist
cvelist
CVE-2019-17362
2019-10-09 00:00:00
debian
debian
[SECURITY] [DLA 1951-1] libtomcrypt security update
2019-10-09 21:16:39
debiancve
debiancve
CVE-2019-17362
2019-10-09 01:15:10
ubuntu
ubuntu
LibTomCrypt vulnerability
2021-03-15 00:00:00
cve
cve
CVE-2019-17362
2019-10-09 01:15:10
ubuntucve
ubuntucve
CVE-2019-17362
2019-10-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-10-10 03:50:44
cbl_mariner
cbl_mariner
CVE-2019-17362 affecting package libtomcrypt for versions less than 1.18.2-9
2024-04-03 00:40:51
CVE-2019-17362 affecting package libtomcrypt for versions less than 1.18.2-9
2022-12-09 01:50:59
nvd
nvd
CVE-2019-17362
2019-10-09 01:15:10

0.018 Low

EPSS

Percentile

88.3%

JSON
Related for FDEEC5DABBDF7B01B8BF83AD048005182C6F91B02B13C7A273A7E522120BB5A3
openvas13suse2redhatcve1nessus14mageia1osv3prion1fedora2alpinelinux1cvelist1debian1debiancve1ubuntu1cve1ubuntucve1veracode1cbl_mariner2nvd1