- Description
- RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x) and 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions prior to 4.0.13 (in 4.0.x) and prior to 4.4 (in 4.1.x, 4.2.x, 4.3.x) are vulnerable to a Buffer Over-read vulnerability when processing DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system.
- Source
- security_alert@emc.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
CVSS 3.0
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EFAEB090-BBFF-480A-B6FB-12B456491D0C",
"versionEndExcluding": "4.0.5.4",
"versionStartIncluding": "4.0.0"
},
{
"criteria": "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B84EF48C-635E-415B-A800-DBF5354C56B3",
"versionEndExcluding": "4.1.4",
"versionStartIncluding": "4.1.0"
},
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21A529D6-EFA9-4D73-BA20-550A8F760F3B",
"versionEndExcluding": "4.0.13",
"versionStartIncluding": "4.0.0"
},
{
"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "091E2050-E137-4175-9904-864CE94B2DA1",
"versionEndExcluding": "4.4.0",
"versionStartIncluding": "4.1.0"
}
],
"operator": "OR"
}
]
}
]