Описание
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 1.18.2-3 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | released | 1.18.1-1ubuntu0.1+esm1 |
| esm-apps/focal | not-affected | 1.18.2-3 |
| esm-apps/jammy | not-affected | 1.18.2-3 |
| esm-apps/xenial | released | 1.17-7ubuntu0.1+esm1 |
| esm-infra-legacy/trusty | released | 1.17-5ubuntu0.1+esm1 |
| focal | not-affected | 1.18.2-3 |
Показывать по
Ссылки на источники
EPSS
6.4 Medium
CVSS2
9.1 Critical
CVSS3
Связанные уязвимости
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in ...
EPSS
6.4 Medium
CVSS2
9.1 Critical
CVSS3