CVE-2019-3729

RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access could potentially exploit this vulnerability to cause a crash in the library of the affected system.

CVSS v3 2.4 LOW
CVSS v2.0 2.7 LOW

2.4^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

2.7^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 5.1 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.dell.com/support/kbdoc/000194054	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:bsafe_micro-edition-suite::::::::
	cpe:2.3:a:dell:bsafe_micro-edition-suite::::::::

History

12 Apr 2022, 18:40

Type	Values Removed	Values Added
References	~~(MISC) https://www.dell.com/support/kbdoc/000194054 -~~	(MISC) https://www.dell.com/support/kbdoc/000194054 - Vendor Advisory

04 Feb 2022, 23:15

Type	Values Removed	Values Added
References	{'url': 'https://www.dell.com/support/security/en-us/details/DOC-107000/DSA-2019-079-RSA-BSAFE®-Crypto-C-Micro-Edition-and-Micro-Edition-Suite-Multiple-Security-Vulnerab', 'name': 'https://www.dell.com/support/security/en-us/details/DOC-107000/DSA-2019-079-RSA-BSAFE®-Crypto-C-Micro-Edition-and-Micro-Edition-Suite-Multiple-Security-Vulnerab', 'tags': ['Third Party Advisory'], 'refsource': 'MISC'}	(MISC) https://www.dell.com/support/kbdoc/000194054 -

09 Dec 2021, 18:21

Type	Values Removed	Values Added
CPE	cpe:2.3:a:dell:bsafe:::::micro_edition_suite:::*	cpe:2.3:a:dell:bsafe_micro-edition-suite::::::::

30 Nov 2021, 17:25

Type	Values Removed	Values Added
CPE	cpe:2.3:a:emc:rsa_bsafe:::::micro_edition_suite:::*	cpe:2.3:a:dell:bsafe:::::micro_edition_suite:::*

29 Oct 2021, 19:54

Type	Values Removed	Values Added
CWE	~~CWE-120~~	CWE-787

Information

Published : 2019-09-30 22:15

Updated : 2024-02-04 20:39

NVD link : CVE-2019-3729

Mitre link : CVE-2019-3729

CVE.ORG link : CVE-2019-3729

JSON object : View

Products Affected

dell

bsafe_micro-edition-suite

CWE

CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow

2.4 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

2.7 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-3729

2.4^/10

2.7^/10

Attach tags to `CVE-2019-3729`