22 matches found
Fedora 38 : perl-CryptX (2023-b4b9b38f23)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b4b9b38f23 advisory. Update to 0.080. Fix CVE-2019-17362 in bundled libtomcrypt. Tenable has extracted the preceding description block directly from the Fedora security advisory...
In LibTomCrypt through 1.18.2 the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
...
Updated libtomcrypt packages fix security vulnerability
Updated libtomcrypt packages fix security vulnerability: Improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data CVE-2019-17362...
SUSE SLED12 Security Update : libtomcrypt (SUSE-SU-2019:3095-1)
This update for libtomcrypt fixes the following issues: CVE-2019-17362: Fixed an improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data (bsc#1153433). Note that Tenable Network Security has extracted the preceding description...
openSUSE Security Update : libtomcrypt (openSUSE-2019-2514)
This update for libtomcrypt fixes the following issue: CVE-2019-17362: Fixed an improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data (bsc#1153433). This update was imported from the SUSE:SLE-15:Update update project. C Tenab...
Security update for libtomcrypt (moderate)
openSUSE Security Update: Security update for libtomcrypt Announcement ID: openSUSE-SU-2019:2514-1 Rating: moderate References: 1153433 Cross-References: CVE-2019-17362 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...
openSUSE Security Update : libtomcrypt (openSUSE-2019-2454)
This update for libtomcrypt fixes the following issue: CVE-2019-17362: Fixed an improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data (bsc#1153433). This update was imported from the SUSE:SLE-15:Update update project...
openSUSE: Security Advisory for libtomcrypt (openSUSE-SU-2019:2454-1)
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for libtomcrypt (moderate)
openSUSE Security Update: Security update for libtomcrypt Announcement ID: openSUSE-SU-2019:2454-1 Rating: moderate References: 1153433 Cross-References: CVE-2019-17362 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for...
Denial Of Service (DoS)
libtomcrypt.so is vulnerable to denial of service (DoS). The attack is possible because it does not properly handle detection of invalid UTF-8 sequences in the function der_decode_utf8_string when processing malicious DER-encoded data, causing memory leaks...
Debian: Security Advisory (DLA-1951-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2019-17362
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via...
Out-of-bounds
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via...
CVE-2019-17362
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via...
CVE-2019-17362
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via...
Denial Of Service (DoS)
libtasn1.so is vulnerable to denial of service (DoS). The attack exists because it allows a two-byte stack overflow while decoding DER encoded data in asn1_der_decoding, leading to the DoS attack and possibly other attacks...
Amazon Linux: Security Advisory (ALAS-2012-73)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Amazon Linux AMI : openssl (ALAS-2012-72)
Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause...
RHEL 5 : java-1.6.0-openjdk (RHSA-2009:1584)
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJD...
CVE-2009-3876
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not...