Libtomcrypt
By the Year
In 2024 there have been 0 vulnerabilities in Libtomcrypt . Libtomcrypt did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 9.10 |
| 2018 | 1 | 4.90 |
It may take a day or so for new Libtomcrypt vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Libtomcrypt Security Vulnerabilities
In LibTomCrypt through 1.18.2
CVE-2019-17362
9.1 - Critical
- October 09, 2019
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
Out-of-bounds Read
LibTomCrypt through 1.18.1
CVE-2018-12437
4.9 - Medium
- June 15, 2018
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Linaro Op Tee or by Libtom? Click the Watch button to subscribe.
