CVE-2019-17362 — Out-of-bounds Read in LibTomCrypt
Severity: 9.8 CRITICAL (NVD); NVD 9.1, OSV 9.1
EPSS: 0.5% (top 35.28%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 9
Latest update: Jun 11
Description
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Exploitability: 3.9 | Impact: 5.2
Affected Packages (11 packages)
Also affects: Debian Linux 8.0
Patches
Vulnerability Details (4)
Vendor Advisories (5)
Debian: CVE-2025-40912: libcryptx-perl - CryptX for Perl before version 0.065 contains a dependency that may be susceptib... (2025)
Microsoft: In LibTomCrypt through 1.18.2 the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cau (2019-10-08)
Red Hat: libtomcrypt: out-of-bounds read in the der_decode_utf8_string function in der_decode_utf8_string.c (2019-08-10)
Debian: CVE-2019-17362: libtomcrypt - In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decod... (2019)
Community (3)
Bugzilla: CVE-2019-17362 libtomcrypt: out-of-bounds read in the der_decode_utf8_string function in der_decode_utf8_string.c [fedora-all] (2019-11-21)
Bugzilla: CVE-2019-17362 libtomcrypt: out-of-bounds read in the der_decode_utf8_string function in der_decode_utf8_string.c (2019-11-21)
Bugzilla: CVE-2019-17362 libtomcrypt: out-of-bounds read in the der_decode_utf8_string function in der_decode_utf8_string.c [epel-all] (2019-11-21)