cryptoauthlib is vulnerable to denial of service (DoS). The vulnerability exists because the reported packet length is not validated against the packet being processed, which leads to an application crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | cryptoauthlib | le | 20190903 |
www.openwall.com/lists/oss-security/2020/10/22/1
census-labs.com/news/2020/10/21/microchip-cryptoauthlib-atcab_sign_base-buffer-overflow/
github.com/MicrochipTech/cryptoauthlib/commit/eabc052456b6757f17db47b41b1de7b7c2cc167f
github.com/MicrochipTech/cryptoauthlib/releases
www.microchip.com/design-centers/security-ics/cryptoauthentication