CVE-2018-16149 in axTLSinformation

Résumé (Anglaise)

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponents are being used, a remote attacker can generate purposefully crafted signatures (and put them on X.509 certificates) to induce illegal memory access and crash the verifier.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Réserver

29/08/2018

Divulgation

07/11/2018

Statut

Confirmé

Entrées

VulDB provides additional information and datapoints for this CVE:

ID	Vulnérabilité	CWE	Exp	Con	CVE
126520	axTLS ASN.1 x509.c sig_verify authentification faible	347	Non défini	Correctif officiel	CVE-2018-16149

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PrécédentAperçuSuivant ▸

Want to know what is going to be exploited?

We predict KEV entries!