Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

164 matches found

CNVD
CNVDadded 2019/10/09 12:0 a.m.4 views

LibTomCrypt Memory Corruption Vulnerability

LibTomCrypt is a fairly comprehensive modular portable encryption toolkit. LibTomCrypt 1.18.2 and earlier versions suffer from a memory corruption vulnerability that stems from the derdecodeutf8string function in derdecodeutf8string.c failing to correctly detect certain invalid UTF-8 sequences,...

9.1CVSS6.8AI score0.00473EPSS
Exploits1References1
Cvelist
Cvelistadded 2019/10/09 12:0 a.m.13 views

CVE-2019-17362

In LibTomCrypt through 1.18.2, the derdecodeutf8string function in derdecodeutf8string.c does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service out-of-bounds read and crash or read information from other memory locations via...

8.9AI score0.00473EPSS
Exploits1References8
AlpineLinux
AlpineLinuxadded 2019/10/09 12:0 a.m.24 views

CVE-2019-17362

In LibTomCrypt through 1.18.2, the derdecodeutf8string function in derdecodeutf8string.c does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service out-of-bounds read and crash or read information from other memory locations via...

9.1CVSS9.1AI score0.00473EPSS
Exploits1
Debian CVE
Debian CVEadded 2019/10/09 12:0 a.m.12 views

CVE-2019-17362

In LibTomCrypt through 1.18.2, the derdecodeutf8string function in derdecodeutf8string.c does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service out-of-bounds read and crash or read information from other memory locations via...

9.1CVSS7.7AI score0.00473EPSS
Exploits1
Tenable Nessus
Tenable Nessusadded 2019/01/03 12:0 a.m.24 views

Fedora 28 : libtomcrypt (2018-9d667bdff8)

Fix Side Channel Based ECDSA Key Extraction CVE-2018-12437 PR 408 - Fix potential stack overflow when DER flexi-decoding CVE-2018-0739 PR 373 - Fix two-key 3DES PR 390 - Fix accelerated CTR mode PR 359 - Fix Fortuna PRNG PR 363 - Fix compilation on platforms where cc doesn't point to gcc PR 382 -...

6.5CVSS6.4AI score0.14445EPSS
Exploits1References3
OSV
OSVadded 2018/08/15 3:45 p.m.7 views

MGASA-2018-0339 Updated libtomcrypt packages fix security vulnerability

libtomcrypt has been updated to secure it against two security vulnerabilities. A problem in the ASN.1 parser could cause a stack overflow and a resulting denial of service when parsing deeply recursive ASN.1 types CVE-2018-0739. An attacker capable of triggering signatures and mounting a side...

6.5CVSS6.1AI score0.14445EPSS
Exploits1References2
Mageia
Mageiaadded 2018/08/15 3:45 p.m.89 views

Updated libtomcrypt packages fix security vulnerability

libtomcrypt has been updated to secure it against two security vulnerabilities. A problem in the ASN.1 parser could cause a stack overflow and a resulting denial of service when parsing deeply recursive ASN.1 types CVE-2018-0739. An attacker capable of triggering signatures and mounting a side...

6.5CVSS4.5AI score0.14445EPSS
Exploits1References1
OpenVAS
OpenVASadded 2018/07/21 12:0 a.m.38 views

Fedora Update for libtomcrypt FEDORA-2018-39e0872379

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.9AI score0.14445EPSS
Exploits1References2
OpenVAS
OpenVASadded 2018/07/20 12:0 a.m.41 views

Fedora Update for libtomcrypt FEDORA-2018-9d667bdff8

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.9AI score0.14445EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2018/06/15 6:20 p.m.57 views

CVE-2018-12437

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...

5.5CVSS2.4AI score0.00296EPSS
Exploits2References1
OSV
OSVadded 2018/06/15 2:29 a.m.28 views

CVE-2018-12437

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...

4.9CVSS5.2AI score
Exploits0References2
UbuntuCve
UbuntuCveadded 2018/06/15 2:29 a.m.34 views

CVE-2018-12437

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...

4.9CVSS6.5AI score0.00082EPSS
Exploits1References3
OSV
OSVadded 2018/06/15 2:29 a.m.2 views

DEBIAN-CVE-2018-12437

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...

4.9CVSS6.3AI score0.00082EPSS
Exploits1References1
Prion
Prionadded 2018/06/15 2:29 a.m.26 views

Memory corruption

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...

1.9CVSS4.9AI score0.00082EPSS
Exploits1References2Affected Software2
NVD
NVDadded 2018/06/15 2:29 a.m.28 views

CVE-2018-12437

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...

4.9CVSS4.8AI score0.00082EPSS
Exploits1References2
CVE
CVEadded 2018/06/15 2:0 a.m.99 views

CVE-2018-12437

CVE-2018-12437 affects LibTomCrypt up to 1.18.1, enabling a memory-cache side-channel attack to extract ECDSA keys when an attacker has local access or co-residency on the same host. Mitigation in affected packages is to upgrade LibTomCrypt (e.g., Fedora/Mageia advisories show fixes in 1.18.2+) t...

4.9CVSS4.8AI score0.00082EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2018/06/15 2:0 a.m.30 views

CVE-2018-12437

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...

4.7AI score0.00082EPSS
Exploits1References2
Debian CVE
Debian CVEadded 2018/06/15 2:0 a.m.22 views

CVE-2018-12437

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...

4.9CVSS5.4AI score0.00082EPSS
Exploits1
Positive Technologies
Positive Technologiesadded 2018/06/15 12:0 a.m.1 views

PT-2018-11173

Name of the Vulnerable Software and Affected Versions LibTomCrypt versions prior to 1.18.2 Description The issue allows a memory-cache side-channel attack on ECDSA signatures, also known as the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to...

4.9CVSS6.2AI score0.00082EPSS
Exploits1References15
CNVD
CNVDadded 2018/06/15 12:0 a.m.1 views

LibTomCrypt ROHNP Vulnerability

LibTomCrypt is a modular and portable encryption toolkit. A security vulnerability exists in LibTomCrypt 1.18.1 and earlier versions. An attacker can exploit this vulnerability to obtain ECDSA keys by accessing a local device or a different virtual machine on the same physical host...

4.9CVSS5.3AI score0.00082EPSS
Exploits1References1
Rows per page
Query Builder