Skip to main content

Libtomcrypt

2 CVEs product

Monthly

CVE-2019-17362 CRITICAL POC PATCH Act Now

In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Information Disclosure Libtomcrypt Debian Linux
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
3.2%
CVE-2018-12437 MEDIUM POC This Month

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Libtomcrypt Op Tee
NVD VulDB
CVSS 3.1
4.9
EPSS
0.1%
EPSS 3% CVSS 9.1
CRITICAL POC PATCH Act Now

In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Information Disclosure +2
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM POC This Month

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Libtomcrypt Op Tee
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy