CVE-2019-17362
CVE-2019-17362 affects LibTomCrypt up to version 1.18.2. The vulnerability resides in der_decode_utf8_string (der_decode_utf8_string.c), which fails to detect certain invalid UTF-8 sequences, enabling context-dependent attackers to cause a denial of service via an out-of-bounds read and crash, or...
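As an added illustration of this bug class (example code, not LibTomCrypt's der_decode_utf8_string), the decoder below parses a DER UTF8String two ways. The unchecked version trusts the byte count implied by each lead byte, so a truncated or malformed sequence at the end of the value makes it read continuation bytes from beyond the string; the hypothetical `trailing` argument stands in for whatever memory happens to follow the buffer, and an IndexError stands in for the crash. The hardened version bounds-checks every continuation byte against the declared length and rejects stray continuation bytes, overlong forms, UTF-16 surrogates and code points above U+10FFFF. The DER framing helper and all sample inputs are constructed for this example.

```python
"""DER UTF8String decoding: unchecked lead-byte trust vs. full UTF-8 validation.
Added example (not LibTomCrypt code). 'trailing' is a hypothetical stand-in
for the memory that follows the input buffer."""


def _der_utf8string_value(der: bytes) -> bytes:
    """Unwrap tag 0x0C and a definite, minimally encoded DER length."""
    if len(der) < 2 or der[0] != 0x0C:
        raise ValueError("not a DER UTF8String")
    length, pos = der[1], 2
    if length & 0x80:                       # long form: 0x8n then n length octets
        n = length & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("bad length octets")
        length, pos = int.from_bytes(der[2:2 + n], "big"), 2 + n
        if length < 0x80 or (n > 1 and length < 1 << (8 * (n - 1))):
            raise ValueError("non-minimal DER length")
    if pos + length > len(der):
        raise ValueError("declared length exceeds buffer")
    return der[pos:pos + length]


def _seq_len_unchecked(lead: int) -> int:
    """Byte count implied by the lead byte alone; never rejects anything."""
    return 1 if lead < 0x80 else 2 if lead < 0xE0 else 3 if lead < 0xF0 else 4


def decode_utf8string_unchecked(der: bytes, trailing: bytes = b"") -> tuple:
    """Vulnerable pattern. Returns (code points, bytes read past the value).
    A truncated multibyte sequence at the end of the value pulls continuation
    bytes out of 'trailing' (memory after the buffer); with nothing there the
    IndexError is the analogue of the out-of-bounds read and crash."""
    value = _der_utf8string_value(der)
    memory = value + trailing
    cps, i = [], 0
    while i < len(value):
        n = _seq_len_unchecked(value[i])
        cp = value[i] if n == 1 else value[i] & (0xFF >> (n + 1))
        for j in range(1, n):            # no bounds check, no 10xxxxxx check
            cp = (cp << 6) | (memory[i + j] & 0x3F)
        cps.append(cp)
        i += n
    return cps, i - len(value)


def _seq_len(lead: int) -> int:
    """Lead-byte classification per RFC 3629; 0 means it cannot start a sequence."""
    if lead < 0x80:
        return 1
    if 0xC2 <= lead <= 0xDF:
        return 2
    if 0xE0 <= lead <= 0xEF:
        return 3
    if 0xF0 <= lead <= 0xF4:
        return 4
    return 0   # stray continuation (0x80-0xBF), overlong lead (0xC0/0xC1), beyond U+10FFFF (0xF5+)


def decode_utf8string(der: bytes) -> str:
    """Hardened form: every byte read lies inside the value and is well-formed."""
    value = _der_utf8string_value(der)
    cps, i = [], 0
    while i < len(value):
        lead = value[i]
        n = _seq_len(lead)
        if n == 0:
            raise ValueError(f"invalid lead byte 0x{lead:02x} at offset {i}")
        if i + n > len(value):            # the bounds check: the sequence must fit in the string
            raise ValueError(f"truncated {n}-byte sequence at offset {i}")
        cp = lead if n == 1 else lead & (0xFF >> (n + 1))
        for j in range(1, n):
            b = value[i + j]
            if b & 0xC0 != 0x80:
                raise ValueError(f"expected continuation byte at offset {i + j}")
            cp = (cp << 6) | (b & 0x3F)
        min_cp = (0, 0, 0x80, 0x800, 0x10000)[n]
        if cp < min_cp or 0xD800 <= cp <= 0xDFFF or cp > 0x10FFFF:
            raise ValueError(f"overlong, surrogate or out-of-range code point at offset {i}")
        cps.append(cp)
        i += n
    return "".join(map(chr, cps))
```

The two decoders agree on well-formed input; they differ only when the value ends mid-sequence or contains bytes that cannot occur where they appear, which is exactly the input a fuzzer or a hostile certificate would supply.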
CVE-2018-12437
CVE-2018-12437 affects LibTomCrypt up to 1.18.1, enabling a memory-cache side-channel attack to extract ECDSA keys when an attacker has local access or co-residency on the same host. Mitigation in affected packages is to upgrade LibTomCrypt (e.g., Fedora/Mageia advisories show fixes in 1.18.2+) t...
CVE-2016-6129
CVE-2016-6129 affects LibTomCrypt (used by OP-TEE before 2.2.0). The rsa_verify_hash_ex function does not validate that the message length matches the ASN.1 encoded data length, enabling Bleichenbacher-like forgery of RSA signatures or public certificates. Public disclosures in multiple feeds (De...
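The following is an added worked example of this bug class, not LibTomCrypt's or OP-TEE's code. `verify_lax` locates the DigestInfo after the 0x00 separator but never requires it to end where the padded block ends, which is the same shape of mistake as not checking the decoded length against the block length; `verify_strict` rebuilds the entire expected encoding and compares it in constant time. `forge_e3` then carries out the Bleichenbacher-style e=3 forgery against the lax check: it places a valid DigestInfo after the minimum 8-byte FF run, treats the rest of the block as free garbage, and takes an integer cube root, so no private key is involved. The toy key generator, the `_icbrt` helper and the sample messages are this example's own constructions; it uses a 2048-bit modulus because the garbage region must exceed roughly two thirds of the block for the cube root to leave the prefix intact.

```python
"""PKCS#1 v1.5 verification, lax vs. strict, and the e=3 forgery.
Added example (not LibTomCrypt/OP-TEE code); key generation is a demo-only toy."""
import hashlib
import hmac
import random

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Trial division on small primes, then Miller-Rabin."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_e3_key(bits: int = 2048):
    """Toy RSA key with e=3 (demo only). Returns (n, e, d)."""
    def prime():
        while True:
            p = random.getrandbits(bits // 2) | 1 << (bits // 2 - 1) | 1
            if p % 3 == 2 and _is_probable_prime(p):   # p-1 not divisible by 3
                return p
    p, q = prime(), prime()
    return p * q, 3, pow(3, -1, (p - 1) * (q - 1))


def _k(n: int) -> int:
    return (n.bit_length() + 7) // 8


def emsa_pkcs1_v15(msg: bytes, k: int) -> bytes:
    """EM = 0x00 || 0x01 || PS (all 0xFF) || 0x00 || DigestInfo."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign(n: int, d: int, msg: bytes) -> int:
    return pow(int.from_bytes(emsa_pkcs1_v15(msg, _k(n)), "big"), d, n)


def verify_lax(n: int, e: int, msg: bytes, sig: int) -> bool:
    """Vulnerable pattern: walks the padding, then only checks that the
    DigestInfo *starts* at the separator; trailing bytes are never examined."""
    em = pow(sig, e, n).to_bytes(_k(n), "big")
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return em[i + 1:i + 1 + len(t)] == t      # BUG: em[i + 1 + len(t):] is ignored


def verify_strict(n: int, e: int, msg: bytes, sig: int) -> bool:
    """Hardened form: the recovered block must equal the full expected encoding."""
    if not 0 < sig < n:
        return False
    em = pow(sig, e, n).to_bytes(_k(n), "big")
    return hmac.compare_digest(em, emsa_pkcs1_v15(msg, _k(n)))


def _icbrt(x: int) -> int:
    """Floor of the integer cube root (Newton iteration from an overestimate)."""
    if x < 2:
        return x
    r = 1 << (x.bit_length() // 3 + 1)
    while True:
        nr = (2 * r + x // (r * r)) // 3
        if nr >= r:
            break
        r = nr
    while r * r * r > x:
        r -= 1
    while (r + 1) ** 3 <= x:
        r += 1
    return r


def forge_e3(n: int, msg: bytes) -> int:
    """Bleichenbacher-style forgery: DigestInfo right after the minimum 8-byte
    FF run, the rest of the block left as garbage, then a cube root.
    s**3 < n, so the verifier's pow(s, 3, n) returns s**3 unreduced."""
    k = _k(n)
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    target = int.from_bytes(head + b"\x00" * (k - len(head)), "big")
    s = _icbrt(target)
    if s ** 3 < target:
        s += 1          # s**3 now exceeds target only within the garbage bytes
    return s
```

A genuine signature passes both verifiers; the forged value passes only `verify_lax`, because its cube has the right prefix and DigestInfo but the wrong padding length and non-zero garbage after the digest, which the strict full-block comparison catches.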