OESA-2021-1029

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1029
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1029.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2021-1029
Upstream
Published
2021-02-05T11:02:36Z
Modified
2025-08-12T05:04:28.671823Z
Summary
libtomcrypt security update
Details

LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well-known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines.

Security Fix(es):

In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data. (CVE-2019-17362)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS / libtomcrypt

Package

Name
libtomcrypt
Purl
pkg:rpm/openEuler/libtomcrypt&distro=openEuler-20.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.18.2-4.oe1

Ecosystem specific

{
    "aarch64": [
        "libtomcrypt-1.18.2-4.oe1.aarch64.rpm",
        "libtomcrypt-debuginfo-1.18.2-4.oe1.aarch64.rpm",
        "libtomcrypt-debugsource-1.18.2-4.oe1.aarch64.rpm",
        "libtomcrypt-devel-1.18.2-4.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "libtomcrypt-1.18.2-4.oe1.x86_64.rpm",
        "libtomcrypt-debuginfo-1.18.2-4.oe1.x86_64.rpm",
        "libtomcrypt-debugsource-1.18.2-4.oe1.x86_64.rpm",
        "libtomcrypt-devel-1.18.2-4.oe1.x86_64.rpm"
    ],
    "src": [
        "libtomcrypt-1.18.2-4.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP1 / libtomcrypt

Package

Name
libtomcrypt
Purl
pkg:rpm/openEuler/libtomcrypt&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.18.2-4.oe1

Ecosystem specific

{
    "aarch64": [
        "libtomcrypt-1.18.2-4.oe1.aarch64.rpm",
        "libtomcrypt-debuginfo-1.18.2-4.oe1.aarch64.rpm",
        "libtomcrypt-debugsource-1.18.2-4.oe1.aarch64.rpm",
        "libtomcrypt-devel-1.18.2-4.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "libtomcrypt-1.18.2-4.oe1.x86_64.rpm",
        "libtomcrypt-debuginfo-1.18.2-4.oe1.x86_64.rpm",
        "libtomcrypt-debugsource-1.18.2-4.oe1.x86_64.rpm",
        "libtomcrypt-devel-1.18.2-4.oe1.x86_64.rpm"
    ],
    "src": [
        "libtomcrypt-1.18.2-4.oe1.src.rpm"
    ]
}