CVE-2019-17362
- EPSS 0.51%
- Published 09.10.2019 01:15:10
- Last modified 21.11.2024 04:32:11

In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and cr...

CVE-2018-12437
- EPSS 0.08%
- Published 15.06.2018 02:29:00
- Last modified 21.11.2024 03:45:13

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual mac...

CVE-2016-6129
- EPSS 0.15%
- Published 13.02.2017 18:59:00
- Last modified 20.04.2025 01:37:25

The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatur...