Fedora 37 update for perl-CryptX
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-17362 |
| CWE-ID | CWE-125 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
Fedora Operating systems & Components / Operating system perl-CryptX Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Out-of-bounds read
EUVDB-ID: #VU22616
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2019-17362
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) atttack.
The vulnerability exists due to a boundary condition within the der_decode_utf8_string() function in der_decode_utf8_string.c file in LibTomCrypt. A remote attacker can pass to the application specially crafted DER-encoded data, trigger out-of-bounds read error and cause application crash.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 37
perl-CryptX: before 0.080-1.fc37
CPE2.3- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:perl-cryptx:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2023-d07e885d26
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
