libtom/libtomcrypt

GitHub

github.com

www.libtom.net

Releases53

Frequency1 month 3 weeks

Last Release almost 8 years ago

Stars1.77K

LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-40912 ↗	Jun 11, 2025Wednesday, 11 June 2025, 18:15	9.8 CRITICAL	—
CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.
CVE-2018-25099 ↗	Mar 18, 2024Monday, 18 March 2024, 05:15	9.8 CRITICAL	—
In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag.
CVE-2019-17362 ↗	Oct 9, 2019Wednesday, 9 October 2019, 01:15	9.1 CRITICAL	6.4 MEDIUM
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
CVE-2016-6129 ↗	Feb 13, 2017Monday, 13 February 2017, 18:59	—	5 MEDIUM
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.