Platform
other
Component
rsa-bsafe-mes
Fixed in
4.4
CVE-2019-3729 identifies a buffer overflow vulnerability in RSA BSAFE Micro Edition Suite (BSAFE MES). The flaw is triggered while parsing ECDSA signatures and can lead to a denial-of-service (DoS) condition by crashing the library on the affected system. Versions 4.0.x, 4.1.x, 4.2.x, and 4.3.x of BSAFE MES are affected; the fix is available in version 4.4.
Successful exploitation of CVE-2019-3729 requires an attacker with adjacent network access to the affected system. Although the vulnerability is rated LOW severity, the impact can still be significant: a specially crafted ECDSA signature triggers the overflow and crashes the BSAFE MES library, which disrupts any service that depends on it and can cause downtime for critical operations. The vulnerability does not appear to offer a direct path to remote code execution (RCE), but a denial of service is a disruptive attack vector in its own right.
CVE-2019-3729 was published on September 30, 2019. There is no indication of active exploitation campaigns targeting this vulnerability. The CVSS score of 2.4 reflects the LOW severity rating and the requirement for adjacent network access. No public proof-of-concept (PoC) exploits have been widely reported, which suggests a relatively low probability of exploitation.
Exploit status
EPSS
0.12% (30th percentile)
CVSS vector
The primary mitigation for CVE-2019-3729 is to upgrade to RSA BSAFE MES version 4.4 or later. If an immediate upgrade is not feasible because of compatibility or testing requirements, use network segmentation to restrict access to the affected system from untrusted networks. No direct workaround prevents the overflow itself, but strictly validating the structure of ECDSA signatures received from external sources before they reach the library reduces the attack surface. After upgrading, confirm the fix by attempting to parse a known malicious ECDSA signature: the library should no longer crash.
Update RSA BSAFE Micro Edition Suite to version 4.4 or later. This update fixes a heap-based buffer overflow vulnerability that occurs when parsing ECDSA signatures. The update mitigates the risk of a malicious user with adjacent network access causing a crash of the library on the affected system.
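The mitigation text above recommends validating ECDSA signatures from external sources before the library sees them. The following C program is an added illustration, not code from RSA, the advisory, or BSAFE MES: it is a strict, bounds-checked parser for the DER ECDSA-Sig-Value structure (SEQUENCE { INTEGER r, INTEGER s }) that checks every length byte against the bytes actually present and against a fixed-size destination before reading or copying, which is the class of check whose absence turns a hostile length field into an out-of-bounds access. The P-256 size limit, the function names, and the sample inputs are all assumptions constructed for this example; nothing here reproduces the BSAFE defect.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: P-256 signatures, so r and s are at most 32 bytes plus one
 * optional 0x00 pad byte that keeps a high-bit value positive in DER. */
#define ECDSA_INT_MAX 33

typedef struct {
    uint8_t r[ECDSA_INT_MAX];
    size_t  r_len;
    uint8_t s[ECDSA_INT_MAX];
    size_t  s_len;
} ecdsa_sig_t;

/* Reads one strict DER INTEGER starting at buf[*pos] and copies it into dst.
 * Every length is checked against the bytes remaining in the input and against
 * the fixed destination size before anything is read or written.
 * Returns 0 on success, -1 on any defect. */
static int read_der_integer(const uint8_t *buf, size_t len, size_t *pos,
                            uint8_t *dst, size_t *dst_len)
{
    size_t p = *pos;
    if (p > len || len - p < 2)          /* need room for tag and length */
        return -1;
    if (buf[p] != 0x02)                  /* tag must be INTEGER */
        return -1;
    size_t ilen = buf[p + 1];
    p += 2;
    if (ilen == 0 || ilen >= 0x80)       /* empty or long-form length: reject */
        return -1;
    if (ilen > len - p)                  /* claimed length runs past the input */
        return -1;
    if (ilen > ECDSA_INT_MAX)            /* would not fit the destination */
        return -1;
    if (buf[p] & 0x80)                   /* negative: never a valid scalar */
        return -1;
    if (ilen == 1 && buf[p] == 0x00)     /* r and s must be non-zero */
        return -1;
    if (ilen > 1 && buf[p] == 0x00 && !(buf[p + 1] & 0x80))
        return -1;                       /* non-minimal encoding: not DER */
    memcpy(dst, buf + p, ilen);          /* safe: ilen <= remaining, <= capacity */
    *dst_len = ilen;
    *pos = p + ilen;
    return 0;
}

/* Parses SEQUENCE { INTEGER r, INTEGER s }. Returns 0 on success, -1 if the
 * input is not a strictly well-formed ECDSA-Sig-Value. */
int parse_ecdsa_sig_der(const uint8_t *buf, size_t len, ecdsa_sig_t *out)
{
    if (buf == NULL || out == NULL || len < 2 || buf[0] != 0x30)
        return -1;
    size_t seqlen = buf[1];
    if (seqlen >= 0x80 || seqlen != len - 2)   /* outer length must match exactly */
        return -1;
    size_t pos = 2;
    if (read_der_integer(buf, len, &pos, out->r, &out->r_len) != 0)
        return -1;
    if (read_der_integer(buf, len, &pos, out->s, &out->s_len) != 0)
        return -1;
    return pos == len ? 0 : -1;                /* no trailing bytes allowed */
}

/* Convenience predicate: 1 if the bytes parse cleanly, 0 otherwise. */
int ecdsa_sig_wellformed(const uint8_t *buf, size_t len)
{
    ecdsa_sig_t sig;
    return parse_ecdsa_sig_der(buf, len, &sig) == 0;
}

/* Constructed sample inputs (tiny values, not real signatures, not from the advisory). */
static const uint8_t SIG_OK[]         = {0x30,0x06, 0x02,0x01,0x05, 0x02,0x01,0x07};
static const uint8_t SIG_LONG_INNER[] = {0x30,0x06, 0x02,0x7f,0x05, 0x02,0x01,0x07}; /* r claims 127 bytes */
static const uint8_t SIG_LONG_OUTER[] = {0x30,0x7f, 0x02,0x01,0x05, 0x02,0x01,0x07}; /* SEQUENCE claims 127 bytes */
static const uint8_t SIG_NEGATIVE[]   = {0x30,0x06, 0x02,0x01,0x85, 0x02,0x01,0x07}; /* r has its high bit set */
static const uint8_t SIG_TRUNCATED[]  = {0x30,0x06, 0x02,0x01,0x05, 0x02};           /* cut off before s */
static const uint8_t SIG_TRAILING[]   = {0x30,0x06, 0x02,0x01,0x05, 0x02,0x01,0x07, 0x00}; /* extra byte */

int main(void)
{
    printf("well-formed:     %d\n", ecdsa_sig_wellformed(SIG_OK, sizeof SIG_OK));
    printf("oversized r:     %d\n", ecdsa_sig_wellformed(SIG_LONG_INNER, sizeof SIG_LONG_INNER));
    printf("oversized outer: %d\n", ecdsa_sig_wellformed(SIG_LONG_OUTER, sizeof SIG_LONG_OUTER));
    printf("negative r:      %d\n", ecdsa_sig_wellformed(SIG_NEGATIVE, sizeof SIG_NEGATIVE));
    printf("truncated:       %d\n", ecdsa_sig_wellformed(SIG_TRUNCATED, sizeof SIG_TRUNCATED));
    printf("trailing bytes:  %d\n", ecdsa_sig_wellformed(SIG_TRAILING, sizeof SIG_TRAILING));
    return 0;
}
```

Only the first sample is accepted; the others are rejected before any byte beyond the buffer is touched. The point of the exercise is the ordering of checks: a length byte is compared with the remaining input and with the destination capacity before it is ever used as a count, and the outer SEQUENCE length must equal the buffer length exactly, so truncated and padded inputs fail at the very first check rather than deep inside the parser.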
CVE-2019-3729 is a buffer overflow vulnerability in the ECDSA signature parsing of RSA BSAFE Micro Edition Suite (BSAFE MES) versions prior to 4.4 (4.0.x through 4.3.x). Exploitation requires adjacent network access and can crash the library on the affected system.
You are affected if you are using RSA BSAFE MES versions 4.0.x, 4.1.x, 4.2.x, or 4.3.x. Upgrade to version 4.4 or later to mitigate the risk.
The recommended fix is to upgrade to RSA BSAFE MES version 4.4 or later. If immediate upgrade is not possible, implement network segmentation to restrict access.
There are currently no reports of active exploitation campaigns targeting CVE-2019-3729, but it remains a potential risk.
Refer to the RSA Security Advisory for details: https://www.rsa.com/security-advisory/rsa-sa-2019-005