VulnerableCode Package Details - pkg:deb/debian/libtomcrypt@1.17-2

Search for packages

Package details: pkg:deb/debian/libtomcrypt@1.17-2

Essentials
History (4)

purl	pkg:deb/debian/libtomcrypt@1.17-2

Next non-vulnerable version	1.18.2-5
Latest non-vulnerable version	1.18.2-5
Risk	4.1

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-c384-3rsb-wkap Aliases: CVE-2018-12437	LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.	1.18.2-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-h1s3-pewe-7yc6 Aliases: CVE-2018-0739	Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).	1.18.2-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-vy5f-r2hx-hfhg Aliases: CVE-2016-6129	libtomcrypt: possible OP-TEE Bleichenbacher attack	1.17-9 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xk8z-61rk-fbb5 Aliases: CVE-2019-17362	In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.	1.18.2-5 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T20:09:57.118087+00:00	Debian Oval Importer	Affected by	VCID-c384-3rsb-wkap	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:27:47.588983+00:00	Debian Oval Importer	Affected by	VCID-h1s3-pewe-7yc6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:02:50.859151+00:00	Debian Oval Importer	Affected by	VCID-xk8z-61rk-fbb5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:07:51.931514+00:00	Debian Oval Importer	Affected by	VCID-vy5f-r2hx-hfhg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0