The Trusteer Mobile SDK, which uses the LibTomCrypt library, is vulnerable to a denial of service issue. IBM has addressed the issue in the latest version of the SDK.
CVEID: CVE-2019-17362
**DESCRIPTION:** LibTomCrypt is vulnerable to a denial of service, caused by the failure to properly detect certain invalid UTF-8 sequences in the der_decode_utf8_string function in der_decode_utf8_string.c. By providing crafted DER-encoded data, a remote attacker could exploit this vulnerability to cause the application to crash or obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169106 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
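A strict well-formedness check for the class of input named in the description, as an added example in C (not LibTomCrypt's or IBM's code, and not the actual fix). The function name `utf8_payload_valid` is hypothetical; it is assumed to run over the content bytes of a DER UTF8String before they are decoded, and it rejects lone continuation bytes, sequences that run past the buffer, overlong forms, surrogates and out-of-range code points.

```c
#include <stdio.h>
#include <stddef.h>

/* Added example, not LibTomCrypt code. Returns 1 and stores the number of
 * code points in *nchars if in[0..inlen) is well-formed UTF-8, else 0. */
int utf8_payload_valid(const unsigned char *in, size_t inlen, size_t *nchars)
{
    static const unsigned long min_cp[5] = { 0, 0, 0x80, 0x800, 0x10000 };
    size_t x = 0, count = 0;

    while (x < inlen) {
        unsigned char lead = in[x];
        size_t len, i;
        unsigned long cp;

        if (lead < 0x80)                { len = 1; cp = lead; }
        else if ((lead & 0xE0) == 0xC0) { len = 2; cp = lead & 0x1F; }
        else if ((lead & 0xF0) == 0xE0) { len = 3; cp = lead & 0x0F; }
        else if ((lead & 0xF8) == 0xF0) { len = 4; cp = lead & 0x07; }
        else return 0;  /* lone continuation byte (10xxxxxx) or 0xF8..0xFF */

        /* Bounds check before touching any continuation byte. */
        if (len > inlen - x) return 0;

        for (i = 1; i < len; i++) {
            if ((in[x + i] & 0xC0) != 0x80) return 0;  /* not a continuation */
            cp = (cp << 6) | (in[x + i] & 0x3F);
        }
        if (cp < min_cp[len]) return 0;               /* overlong encoding */
        if (cp >= 0xD800 && cp <= 0xDFFF) return 0;   /* UTF-16 surrogate */
        if (cp > 0x10FFFF) return 0;                  /* beyond Unicode range */
        x += len;
        count++;
    }
    if (nchars != NULL) *nchars = count;
    return 1;
}

int main(void)
{
    /* Constructed inputs: a valid string and a truncated 3-byte sequence. */
    static const unsigned char ok[]  = { 'A', 0xC3, 0xA9 };
    static const unsigned char bad[] = { 'A', 0xE2, 0x82 };
    size_t n = 0;
    printf("ok=%d bad=%d\n", utf8_payload_valid(ok, sizeof ok, &n),
           utf8_payload_valid(bad, sizeof bad, NULL));
    return 0;
}
```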
Affected Product(s) | Version(s) |
---|---|
Trusteer iOS SDK for mobile | All |
IBM backported the fix into the SDK.
The updated version can be downloaded from the IBM Trusteer Customer Portal:
<https://trusteersupport.force.com/Support>
None
CPE
Name | Operator | Version |
---|---|---|
ibm security trusteer mobile sdk | eq | 5.2 |