First published: Thu Oct 22 2020
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microchip Cryptoauthlib | <20191122 | |
The vulnerability ID for the Microchip CryptoAuthentication Library buffer overflow is CVE-2019-16129.
CVE-2019-16129 has a severity rating of 6.8 (medium).
The buffer overflow vulnerability in the Microchip CryptoAuthentication Library prior to version 20191122 could lead to remote code execution or denial of service attacks.
Updating to version 20191122 or later of the Microchip CryptoAuthentication Library fixes the buffer overflow vulnerability.
You can find more information about the Microchip CryptoAuthentication Library buffer overflow vulnerability at the following references:
[1] http://www.openwall.com/lists/oss-security/2020/10/22/1
[2] https://census-labs.com/news/2020/10/21/microchip-cryptoauthlib-atcab_genkey_base-buffer-overflow/
[3] https://www.microchip.com/design-centers/security-ics/cryptoauthentication