{"id":"CVE-2019-17362","details":"In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.","modified":"2026-04-02T01:41:55.359992Z","published":"2019-10-09T01:15:10.130Z","related":["MGASA-2020-0028","SUSE-SU-2019:2808-1","SUSE-SU-2019:3095-1","openSUSE-SU-2019:2454-1","openSUSE-SU-2019:2514-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00020.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00041.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/47YP5SXQ4RY6KMTK2HI5ZZR244XKRMCZ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU5OMCY3PX54YVI4FMNDEENHDJZJ3RJW/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/47YP5SXQ4RY6KMTK2HI5ZZR244XKRMCZ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU5OMCY3PX54YVI4FMNDEENHDJZJ3RJW/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html"},{"type":"REPORT","url":"https://vuldb.com/?id.142995"},{"type":"FIX","url":"https://github.com/libtom/libtomcrypt/pull/508"},{"type":"EVIDENCE","url":"https://github.com/libtom/libtomcrypt/issues/507"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libtom/libtomcrypt","events":[{"introduced":"0"},{"last_affected":"7e7eb695d581782f04b24dc444cbfde86af59853"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.18.2"}]}}],"versions":["0.75","0.76","0.77","0.78","0.79","0.80","0.81","0.82","0.83","0.84","0.85","0.86","0.87","0.88","0.89","0.90","0.91","0.92","0.93","0.94","0.95","0.96","0.97","0.97a","0.97b","0.98","0.99","1.00","1.01","1.02","1.03","1.04","1.05","1.06","1.07","1.08","1.09","1.10","1.11","1.12","1.13","1.14","1.15","1.16","1.17","v1.18.0","v1.18.0-rc1","v1.18.0-rc2","v1.18.0-rc3","v1.18.0-rc4","v1.18.0-rc5","v1.18.1","v1.18.2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17362.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}