Main Vulnerability Database SB2019061302

SB2019061302 - Remote denial of service in SymCrypt library in Microsoft Windows

Published: June 13, 2019

Security Bulletin ID SB2019061302

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cryptographic issues (CVE-ID: N/A)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric() function when processing X.509 certificates. A remote attacker can supply a specially crafted X.509 certificate to the affected system and trigger denial of service conditions.

Any application that uses the vulnerable library, e.g. antivirus software is susceptible to this issue.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://bugs.chromium.org/p/project-zero/issues/detail?id=1804

SB2019061302 - Remote denial of service in SymCrypt library in Microsoft Windows

Breakdown by Severity

Description

Remediation

References

Please verify you're human