Cryptographic issues in Microsoft products - #VU18788

 


Published: June 13, 2019


Vulnerability identifier: #VU18788
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: N/A
CWE-ID: CWE-310
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Microsoft
Affected software:
SymCrypt
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the bcryptprimitives!SymCryptFdefModInvGeneric() function when calculating the modular inverse on specific bit patterns while processing X.509 certificates. A remote attacker can supply a specially crafted X.509 certificate to the affected system and trigger denial of service conditions.

Any application that uses the vulnerable library, e.g. antivirus software, is susceptible to this issue.



Remediation

Install updates from the vendor's website.
