Heap inspection in RSA BSAFE Crypto-C - CVE-2019-3733

 


Published: October 1, 2019


Vulnerability identifier: #VU21463
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-3733
CWE-ID: CWE-244
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Dell
Affected software:
RSA BSAFE Crypto-C

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because realloc() is used to resize buffers that hold sensitive information. When realloc() moves a block, the old copy of the data is not cleared from memory and remains exposed in released heap memory. A remote authenticated attacker can extract this information, leaving data at risk of exposure.
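The realloc() weakness described above, as an added C example (not RSA BSAFE code): the CWE-244 pattern beside a hardened replacement that wipes the old block before releasing it. The function names and the sample key bytes are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>
/* Zero a buffer through a volatile pointer so the compiler cannot discard
 * the wipe as a dead store, which a plain memset() before free() often is. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* The CWE-244 pattern the advisory describes: realloc() may move the block and
 * leaves the old copy of the secret in released heap memory. Shown for contrast. */
unsigned char *grow_unsafe(unsigned char *buf, size_t new_len) {
    return realloc(buf, new_len);
}
/* Hardened replacement: allocate, copy, wipe the old block, then release it.
 * old_len must be the size of the block that buf currently points to. */
unsigned char *grow_secure(unsigned char *buf, size_t old_len, size_t new_len) {
    unsigned char *fresh = malloc(new_len);
    if (fresh == NULL) return NULL;               /* caller still owns buf */
    memcpy(fresh, buf, old_len < new_len ? old_len : new_len);
    secure_wipe(buf, old_len);
    free(buf);
    return fresh;
}

/* Non-zero bytes in a region; used to confirm that a wipe took effect. */
size_t count_nonzero(const unsigned char *p, size_t n) {
    size_t c = 0;
    for (size_t i = 0; i < n; i++) c += (p[i] != 0);
    return c;
}

/* Self-check 1: secure_wipe() zeroes every byte of a filled buffer. 1 = pass. */
int demo_wipe_clears(void) {
    unsigned char buf[32];
    memset(buf, 0x5A, sizeof buf);                /* constructed sample secret */
    secure_wipe(buf, sizeof buf);
    return count_nonzero(buf, sizeof buf) == 0;
}
/* Self-check 2: grow_secure() keeps the data while growing 16 -> 64 bytes. */
int demo_resize_keeps_data(void) {
    unsigned char *key = malloc(16);
    if (key == NULL) return 0;
    memset(key, 0xA5, 16);                        /* constructed sample secret */
    key = grow_secure(key, 16, 64);
    int ok = key != NULL && key[0] == 0xA5 && key[15] == 0xA5;
    if (key) { secure_wipe(key, 64); free(key); } /* wipe before the final free */
    return ok;
}
```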

This vulnerability affects the following versions:
  • RSA BSAFE Crypto-C Micro Edition - versions prior to 4.1.4 (4.0.x and 4.1.x)


How to mitigate CVE-2019-3733

Install updates from the vendor's website.

Sources