CVE-2019-17362
- Source
- https://cve.org/CVERecord?id=CVE-2019-17362
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17362.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-17362
- Downstream
- Related
- Published
- 2019-10-09T01:15:10.130Z
- Modified
- 2026-02-13T08:35:25.124942Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In LibTomCrypt through 1.18.2, the derdecodeutf8string function (in derdecodeutf8string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
- References
-
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00041.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/47YP5SXQ4RY6KMTK2HI5ZZR244XKRMCZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU5OMCY3PX54YVI4FMNDEENHDJZJ3RJW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/47YP5SXQ4RY6KMTK2HI5ZZR244XKRMCZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU5OMCY3PX54YVI4FMNDEENHDJZJ3RJW/
- https://github.com/libtom/libtomcrypt/issues/507
- https://github.com/libtom/libtomcrypt/pull/508
- https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html
- https://vuldb.com/?id.142995
- https://github.com/libtom/libtomcrypt/pull/508
- https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html
- https://github.com/libtom/libtomcrypt/issues/507
Affected packages
Git / github.com/aria2/aria2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/aria2/aria2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
release-1.*
release-1.10.7
release-1.10.8
release-1.10.9
release-1.11.0
release-1.11.1
release-1.11.2
release-1.12.0
release-1.12.1
release-1.13.0
release-1.14.0
release-1.14.1
release-1.14.2
release-1.15.0
release-1.15.1
release-1.15.2
release-1.16.0
release-1.16.1
release-1.16.2
release-1.16.3
release-1.16.4
release-1.16.5
release-1.17.0
release-1.17.1
release-1.18.0
release-1.18.1
release-1.18.2