ID

VAR-201909-1538


CVE

CVE-2019-3728


TITLE

Out-of-bounds read vulnerability in RSA BSAFE Crypto-C Micro Edition and Micro Edition Suite

Trust: 0.8

sources: JVNDB: JVNDB-2019-010284

DESCRIPTION

RSA BSAFE Crypto-C Micro Edition versions from 4.0.0.0 before 4.0.5.4 and from 4.1.0 before 4.1.4, RSA BSAFE Micro Edition Suite versions from 4.0.0 before 4.0.13 and from 4.1.0 before 4.4, and RSA Crypto-C versions from 6.0.0 through 6.4.* are affected by an out-of-bounds read vulnerability when processing a DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.

Trust: 1.71

sources: NVD: CVE-2019-3728 // JVNDB: JVNDB-2019-010284 // VULHUB: VHN-155163

AFFECTED PRODUCTS

vendor: dell, model: bsafe micro-edition-suite, scope: gte, version: 4.1.0

Trust: 1.0

vendor: dell, model: bsafe crypto-c-micro-edition, scope: lt, version: 4.0.5.4

Trust: 1.0

vendor: dell, model: bsafe crypto-c-micro-edition, scope: lt, version: 4.1.4

Trust: 1.0

vendor: dell, model: bsafe micro-edition-suite, scope: lt, version: 4.0.13

Trust: 1.0

vendor: dell, model: bsafe micro-edition-suite, scope: lt, version: 4.4.0

Trust: 1.0

vendor: dell, model: bsafe crypto-c, scope: lte, version: 6.4

Trust: 1.0

vendor: dell, model: bsafe micro-edition-suite, scope: gte, version: 4.0.0

Trust: 1.0

vendor: dell, model: bsafe crypto-c, scope: gte, version: 6.0.0

Trust: 1.0

vendor: dell, model: bsafe crypto-c-micro-edition, scope: gte, version: 4.0.0

Trust: 1.0

vendor: dell, model: bsafe crypto-c-micro-edition, scope: gte, version: 4.1.0

Trust: 1.0

vendor: dell emc old emc, model: rsa bsafe, scope: lt, version: 4.0.x

Trust: 0.8

vendor: dell emc old emc, model: rsa bsafe, scope: eq, version: 4.2.x

Trust: 0.8

vendor: dell emc old emc, model: rsa bsafe crypto-c, scope: lt, version: 4.0.x

Trust: 0.8

vendor: dell emc old emc, model: rsa bsafe, scope: eq, version: 4.1.x

Trust: 0.8

vendor: dell emc old emc, model: rsa bsafe crypto-c, scope: eq, version: 4.1.4

Trust: 0.8

vendor: dell emc old emc, model: rsa bsafe, scope: eq, version: 4.3.x

Trust: 0.8

vendor: dell emc old emc, model: rsa bsafe crypto-c, scope: lt, version: 4.1.x

Trust: 0.8

vendor: dell emc old emc, model: rsa bsafe, scope: eq, version: 4.0.13

Trust: 0.8

vendor: dell emc old emc, model: rsa bsafe crypto-c, scope: eq, version: 4.0.5.4

Trust: 0.8

sources: JVNDB: JVNDB-2019-010284 // NVD: CVE-2019-3728

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3728
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2019-3728
value: HIGH

Trust: 1.0

NVD: CVE-2019-3728
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-1367
value: HIGH

Trust: 0.6

VULHUB: VHN-155163
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3728
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155163
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3728
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2019-3728
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155163 // JVNDB: JVNDB-2019-010284 // CNNVD: CNNVD-201909-1367 // NVD: CVE-2019-3728 // NVD: CVE-2019-3728

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

sources: VULHUB: VHN-155163 // JVNDB: JVNDB-2019-010284 // NVD: CVE-2019-3728

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1367

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201909-1367

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010284

PATCH

title: DSA-2019-079: RSA BSAFE Crypto-C Micro Edition and Micro Edition Suite Multiple Security Vulnerabilities
url: https://www.dell.com/support/security/ja-jp/details/DOC-107000/DSA-2019-079-RSA-BSAFE®-Crypto-C-Micro-Edition-and-Micro-Edition-Suite-Multiple-Security-Vulnerab

Trust: 0.8

title: RSA BSAFE Crypto-C Micro Edition and RSA BSAFE Micro Edition Suite Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98746

Trust: 0.6

sources: JVNDB: JVNDB-2019-010284 // CNNVD: CNNVD-201909-1367

EXTERNAL IDS

db: NVD, id: CVE-2019-3728

Trust: 2.5

db: JVNDB, id: JVNDB-2019-010284

Trust: 0.8

db: CNNVD, id: CNNVD-201909-1367

Trust: 0.7

db: VULHUB, id: VHN-155163

Trust: 0.1

sources: VULHUB: VHN-155163 // JVNDB: JVNDB-2019-010284 // CNNVD: CNNVD-201909-1367 // NVD: CVE-2019-3728

REFERENCES

url: https://www.dell.com/support/kbdoc/000194054

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-3728

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3728

Trust: 0.8

url: https://www.dell.com/support/security/en-us/details/doc-107000/dsa-2019-079-rsa-bsafe®-crypto-c-micro-edition-and-micro-edition-suite-multiple-security-vulnerab

Trust: 0.6

sources: VULHUB: VHN-155163 // JVNDB: JVNDB-2019-010284 // CNNVD: CNNVD-201909-1367 // NVD: CVE-2019-3728

SOURCES

db: VULHUB, id: VHN-155163
db: JVNDB, id: JVNDB-2019-010284
db: CNNVD, id: CNNVD-201909-1367
db: NVD, id: CVE-2019-3728

LAST UPDATE DATE

2025-05-22T23:08:44.033000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-155163, date: 2021-12-09T00:00:00
db: JVNDB, id: JVNDB-2019-010284, date: 2019-10-10T00:00:00
db: CNNVD, id: CNNVD-201909-1367, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2019-3728, date: 2025-05-22T16:19:15.813

SOURCES RELEASE DATE

db: VULHUB, id: VHN-155163, date: 2019-09-30T00:00:00
db: JVNDB, id: JVNDB-2019-010284, date: 2019-10-10T00:00:00
db: CNNVD, id: CNNVD-201909-1367, date: 2019-09-30T00:00:00
db: NVD, id: CVE-2019-3728, date: 2019-09-30T22:15:10.373