Vulnerabilities (CVE)

Vendor filter: Libtom

Product filter: Libtomcrypt

5 total CVE
| CVE | Vendors | Products | Updated | CVSS | Description |
|---|---|---|---|---|---|
| CVE-2019-17362 | 2 (Libtom, Debian) | 2 (Libtomcrypt, Debian Linux) | 2019-10-15 | 6.4 | In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read... |
| CVE-2018-12433 | 11 (Botan Project, Cryptlib, Gnupg and 8 more) | 11 (Botan, Cryptlib, Libgcrypt and 8 more) | 2018-08-09 | 1.9 | ** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a... |
| CVE-2018-12437 | 11 (Botan Project, Cryptlib, Gnupg and 8 more) | 11 (Botan, Cryptlib, Libgcrypt and 8 more) | 2018-08-09 | 1.9 | LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual... |
| CVE-2018-12438 | 11 (Botan Project, Cryptlib, Gnupg and 8 more) | 11 (Botan, Cryptlib, Libgcrypt and 8 more) | 2018-08-09 | 1.9 | The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the... |
| CVE-2016-6129 | 2 (Libtom, Op-tee) | 2 (Op-tee Os, Libtomcrypt) | 2017-03-13 | 5.0 | The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA... |