Libtomcrypt · Libtomcrypt · CVE-2019-17362
**Name of the Vulnerable Software and Affected Versions**
LibTomCrypt versions 1.18.2 and earlier
**Description**
The issue arises from the der_decode_utf8_string() function not properly detecting certain invalid UTF-8 sequences. This allows attackers to cause a denial of service, such as an out-of-bounds read and crash, or to read information from other memory locations via carefully crafted DER-encoded data.
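The class of check the description refers to, as an added example that is not LibTomCrypt's code or its patch: a strict UTF-8 validator in C that bounds-checks every continuation byte and rejects stray continuation bytes, truncated sequences, overlong forms and surrogates. The function name `utf8_is_well_formed` and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not a LibTomCrypt API. Returns 1 if buf[0..len) is
 * well-formed UTF-8, 0 otherwise. Never reads at or past buf + len. */
int utf8_is_well_formed(const unsigned char *buf, size_t len)
{
    size_t i = 0;
    while (i < len) {
        unsigned char b = buf[i++];
        size_t need;      /* continuation bytes this lead byte requires */
        uint32_t cp, min; /* decoded code point, smallest legal value */

        if (b < 0x80) continue; /* single-byte ASCII */
        if ((b & 0xE0) == 0xC0)      { need = 1; cp = b & 0x1F; min = 0x80; }
        else if ((b & 0xF0) == 0xE0) { need = 2; cp = b & 0x0F; min = 0x800; }
        else if ((b & 0xF8) == 0xF0) { need = 3; cp = b & 0x07; min = 0x10000; }
        else return 0; /* stray continuation (0x80-0xBF) or 0xF8-0xFF lead */

        if (need > len - i) return 0; /* sequence runs past end of input */
        while (need--) {
            if ((buf[i] & 0xC0) != 0x80) return 0; /* not 10xxxxxx */
            cp = (cp << 6) | (buf[i++] & 0x3F);
        }
        if (cp < min) return 0;                     /* overlong encoding */
        if (cp > 0x10FFFF) return 0;                /* outside Unicode */
        if (cp >= 0xD800 && cp <= 0xDFFF) return 0; /* surrogate */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real DER data. */
    static const unsigned char ok[]    = { 'h', 0xC3, 0xA9 }; /* 'h' + U+00E9 */
    static const unsigned char stray[] = { 'A', 0x80 };       /* lone continuation */
    static const unsigned char cut[]   = { 0xE2, 0x82 };      /* truncated 3-byte */
    static const unsigned char over[]  = { 0xC0, 0xAF };      /* overlong '/' */
    printf("ok=%d stray=%d cut=%d over=%d\n",
           utf8_is_well_formed(ok, sizeof ok),
           utf8_is_well_formed(stray, sizeof stray),
           utf8_is_well_formed(cut, sizeof cut),
           utf8_is_well_formed(over, sizeof over));
    return 0;
}
```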
**Recommendations**
For LibTomCrypt versions 1.18.2 and earlier, update to a version later than 1.18.2 to resolve the issue.
At the moment, there is no information about other specific mitigation measures for this vulnerability.