{"schema_version":"1.7.2","id":"OESA-2021-1029","modified":"2021-02-05T11:02:36Z","published":"2021-02-05T11:02:36Z","upstream":["CVE-2019-17362"],"summary":"libtomcrypt security update","details":"LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well-known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines.\r\n\r\nSecurity Fix(es):\r\n\r\nIn LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data. (CVE-2019-17362)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS","name":"libtomcrypt","purl":"pkg:rpm/openEuler/libtomcrypt\u0026distro=openEuler-20.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.18.2-4.oe1"}]}],"ecosystem_specific":{"aarch64":["libtomcrypt-1.18.2-4.oe1.aarch64.rpm","libtomcrypt-debuginfo-1.18.2-4.oe1.aarch64.rpm","libtomcrypt-debugsource-1.18.2-4.oe1.aarch64.rpm","libtomcrypt-devel-1.18.2-4.oe1.aarch64.rpm","libtomcrypt-1.18.2-4.oe1.aarch64.rpm","libtomcrypt-debuginfo-1.18.2-4.oe1.aarch64.rpm","libtomcrypt-debugsource-1.18.2-4.oe1.aarch64.rpm","libtomcrypt-devel-1.18.2-4.oe1.aarch64.rpm"],"src":["libtomcrypt-1.18.2-4.oe1.src.rpm","libtomcrypt-1.18.2-4.oe1.src.rpm"],"x86_64":["libtomcrypt-1.18.2-4.oe1.x86_64.rpm","libtomcrypt-debuginfo-1.18.2-4.oe1.x86_64.rpm","libtomcrypt-debugsource-1.18.2-4.oe1.x86_64.rpm","libtomcrypt-devel-1.18.2-4.oe1.x86_64.rpm","libtomcrypt-1.18.2-4.oe1.x86_64.rpm","libtomcrypt-debuginfo-1.18.2-4.oe1.x86_64.rpm","libtomcrypt-debugsource-1.18.2-4.oe1.x86_64.rpm","libtomcrypt-devel-1.18.2-4.oe1.x86_64.rpm
"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"libtomcrypt","purl":"pkg:rpm/openEuler/libtomcrypt\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.18.2-4.oe1"}]}],"ecosystem_specific":{"aarch64":["libtomcrypt-1.18.2-4.oe1.aarch64.rpm","libtomcrypt-debuginfo-1.18.2-4.oe1.aarch64.rpm","libtomcrypt-debugsource-1.18.2-4.oe1.aarch64.rpm","libtomcrypt-devel-1.18.2-4.oe1.aarch64.rpm"],"src":["libtomcrypt-1.18.2-4.oe1.src.rpm"],"x86_64":["libtomcrypt-1.18.2-4.oe1.x86_64.rpm","libtomcrypt-debuginfo-1.18.2-4.oe1.x86_64.rpm","libtomcrypt-debugsource-1.18.2-4.oe1.x86_64.rpm","libtomcrypt-devel-1.18.2-4.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1029"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17362"}],"database_specific":{"severity":"High"}}