Description
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
Report
Red Hat CloudForms 5.9, 5.10 and 5.11 are not affected as they no longer ship the libtomcrypt library. Only CloudForms 5.8, which is EOL, delivers the libtomcrypt library. Red Hat Ansible Engine 2.8 and 2.9 are not affected as they no longer ship the libtomcrypt library, and Ansible Engine 2.7 had deprecated it.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
CloudForms Management Engine 5 | libtomcrypt | Not affected | | |
Red Hat Ansible Engine 2 | libtomcrypt | Not affected | | |
Additional information
Status:
EPSS
6.5 Medium
CVSS3