Search for packages
| purl | pkg:deb/debian/libtomcrypt@1.18.2-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-xk8z-61rk-fbb5
Aliases: CVE-2019-17362 |
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-c384-3rsb-wkap | LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
CVE-2018-12437
|
| VCID-h1s3-pewe-7yc6 | Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). |
CVE-2018-0739
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T20:09:57.136794+00:00 | Debian Oval Importer | Fixing | VCID-c384-3rsb-wkap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T18:27:47.607497+00:00 | Debian Oval Importer | Fixing | VCID-h1s3-pewe-7yc6 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T17:02:50.878904+00:00 | Debian Oval Importer | Affected by | VCID-xk8z-61rk-fbb5 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |