DSA-2019-079: RSA BSAFE® Crypto-C Micro Edition and Micro Edition Suite Multiple Security Vulnerabilities

概要: RSA BSAFE Crypto-C Micro Edition and RSA BSAFE Micro Edition Suite updates contain fixes for multiple security vulnerabilities that may potentially be exploited by malicious users to compromise the affected system. ...

この記事は次に適用されます: この記事は次には適用されません: この記事は、特定の製品に関連付けられていません。 すべての製品パージョンがこの記事に記載されているわけではありません。
他のリソースを確認する

影響

High

詳細

View details below for individual CVSS Score for each CVE.



 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
Buffer Over-read – CVE-2019-3728  RSA BSAFE Crypto-C Micro Edition versions before 4.0.5.4 (in 4.0.x) and before 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions before 4.0.13 (in 4.0.x) and before 4.4 (in 4.1.x, 4.2.x, and 4.3.x) and RSA BSAFE Crypto-C versions from 6.0.0 through 6.4 (in 6.4.x) are vulnerable to a Buffer Over-read vulnerability when processing DSA signature. A malicious remote user may potentially exploit this vulnerability to cause a crash in the library of the affected system.  7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Heap-based Buffer Overflow – CVE-2019-3729  RSA BSAFE Micro Edition Suite versions before 4.4 (in 4.0.x, 4.1.x, 4.2.x, and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access may potentially exploit this vulnerability to cause a crash in the library of the affected system.  2.4 AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Information Exposure Through an Error Message – CVE-2019-3730  RSA BSAFE Micro Edition Suite versions before 4.1.6.3 (in 4.1.x) and before 4.4 (in 4.2.x, and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a "padding oracle attack vulnerability". A malicious remote user may potentially exploit this vulnerability to extract information leaving data at risk of exposure.  5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Information Exposure Through Timing Discrepancy – CVE-2019-3731  RSA BSAFE Crypto-C Micro Edition versions before 4.1.4 and RSA Micro Edition Suite versions before 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user may potentially exploit this vulnerability to extract information leaving data at risk of exposure.  5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N  
Information Exposure Through Timing Discrepancy – CVE-2019-3732  RSA BSAFE Crypto-C Micro Edition, versions before 4.0.5.3 (in 4.0.x) and before 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions before 4.0.11 (in 4.0.x), before 4.1.6.1 (in 4.1.x), and before 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user may potentially exploit this vulnerability to extract information leaving data at risk of exposure.  5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Improper Clearing of Heap Memory Before Release ('Heap Inspection') – CVE-2019-3733  RSA BSAFE Crypto-C Micro Edition, all versions before 4.1.4, are vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user may  potentially exploit this vulnerability to extract information leaving data at risk of exposure.  4.4 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
Buffer Over-read – CVE-2019-3728  RSA BSAFE Crypto-C Micro Edition versions before 4.0.5.4 (in 4.0.x) and before 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions before 4.0.13 (in 4.0.x) and before 4.4 (in 4.1.x, 4.2.x, and 4.3.x) and RSA BSAFE Crypto-C versions from 6.0.0 through 6.4 (in 6.4.x) are vulnerable to a Buffer Over-read vulnerability when processing DSA signature. A malicious remote user may potentially exploit this vulnerability to cause a crash in the library of the affected system.  7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Heap-based Buffer Overflow – CVE-2019-3729  RSA BSAFE Micro Edition Suite versions before 4.4 (in 4.0.x, 4.1.x, 4.2.x, and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access may potentially exploit this vulnerability to cause a crash in the library of the affected system.  2.4 AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Information Exposure Through an Error Message – CVE-2019-3730  RSA BSAFE Micro Edition Suite versions before 4.1.6.3 (in 4.1.x) and before 4.4 (in 4.2.x, and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a "padding oracle attack vulnerability". A malicious remote user may potentially exploit this vulnerability to extract information leaving data at risk of exposure.  5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Information Exposure Through Timing Discrepancy – CVE-2019-3731  RSA BSAFE Crypto-C Micro Edition versions before 4.1.4 and RSA Micro Edition Suite versions before 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user may potentially exploit this vulnerability to extract information leaving data at risk of exposure.  5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N  
Information Exposure Through Timing Discrepancy – CVE-2019-3732  RSA BSAFE Crypto-C Micro Edition, versions before 4.0.5.3 (in 4.0.x) and before 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions before 4.0.11 (in 4.0.x), before 4.1.6.1 (in 4.1.x), and before 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user may potentially exploit this vulnerability to extract information leaving data at risk of exposure.  5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Improper Clearing of Heap Memory Before Release ('Heap Inspection') – CVE-2019-3733  RSA BSAFE Crypto-C Micro Edition, all versions before 4.1.4, are vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user may  potentially exploit this vulnerability to extract information leaving data at risk of exposure.  4.4 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
デル・テクノロジーズでは、すべてのお客様に対して、CVSSベース スコアに加えて、特定のセキュリティの脆弱性に付随する潜在的な重要度に影響する可能性のある現状スコアや環境スコアも考慮することをお勧めしています。

影響を受ける製品と修復

Affected Products:
RSA BSAFE Crypto-C Micro Edition 

  • versions 4.0.x (CVE-2019-3733) 

  • versions before 4.0.5.3 in the 4.0.x series (CVE-2019-3732) 

  • versions before 4.0.5.4 in the 4.0.x series (CVE-2019-3728) 

  • versions before 4.1.3.3 in the 4.1.x series (CVE-2019-3732) 

  • versions before 4.1.4 in the 4.1.x series (CVE-2019-3728 and CVE-2019-3733) 


RSA BSAFE Micro Edition Suite 

  • versions before 4.0.11 in the 4.0.x series (CVE-2019-3732) 

  • versions before 4.0.13 in the 4.0.x series (CVE-2019-3728, CVE-2019-3729, and CVE-2019-3731) 

  • versions 4.1.x (CVE-2019-3728, CVE-2019-3729, and CVE-2019-3731) 

  • versions 4.2.x (CVE-2019-3728, CVE-2019-3729, CVE-2019-3730, CVE-2019-3731, and CVE-2019-3732) 

  • versions 4.3.x (CVE-2019-3728, CVE-2019-3729, CVE-2019-3730, and CVE-2019-3731) 

  • versions before 4.1.6.1 in the 4.1.x series (CVE-2019-3732) 

  • versions before 4.1.6.3 in the 4.1.x series (CVE-2019-3730) 

  • versions before 4.3.3 in the 4.3.x series (CVE-2019-3732) 

Recommendations:
The following RSA BSAFE Crypto-C Micro Edition and Micro Edition Suite releases address these vulnerabilities: 

  • RSA BSAFE Crypto-C Micro Edition version 4.0.5.3 (CVE-2019-3732) 

  • RSA BSAFE Crypto-C Micro Edition version 4.1.4 (CVE-2019-3731, CVE-2019-3732, CVE-2019-3733, and CVE-2019-3728) 

  • RSA recommends all customers upgrade to RSA BSAFE Crypto-C Micro Edition version 4.1.4 and Micro Edition Suite version 4.4 at the earliest opportunity. 

For additional documentation, downloads, and more, visit the RSA BSAFE page on RSA Link. 
 
Severity Rating: 
For an explanation of Severity Ratings, refer to Dell Vulnerability Response Policy. Dell recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.

  • RSA BSAFE Micro Edition Suite version 4.0.11 (CVE-2019-3732) 

  • RSA BSAFE Micro Edition Suite version 4.1.6.3 (CVE-2019-3730 and CVE-2019-3732) 

  • RSA BSAFE Micro Edition Suite version 4.4 (CVE-2019-3729, CVE-2019-3730, CVE-2019-3731, CVE-2019-3732, CVE-2019-3733, and CVE-2019-3728) 

Affected Products:
RSA BSAFE Crypto-C Micro Edition 

  • versions 4.0.x (CVE-2019-3733) 

  • versions before 4.0.5.3 in the 4.0.x series (CVE-2019-3732) 

  • versions before 4.0.5.4 in the 4.0.x series (CVE-2019-3728) 

  • versions before 4.1.3.3 in the 4.1.x series (CVE-2019-3732) 

  • versions before 4.1.4 in the 4.1.x series (CVE-2019-3728 and CVE-2019-3733) 


RSA BSAFE Micro Edition Suite 

  • versions before 4.0.11 in the 4.0.x series (CVE-2019-3732) 

  • versions before 4.0.13 in the 4.0.x series (CVE-2019-3728, CVE-2019-3729, and CVE-2019-3731) 

  • versions 4.1.x (CVE-2019-3728, CVE-2019-3729, and CVE-2019-3731) 

  • versions 4.2.x (CVE-2019-3728, CVE-2019-3729, CVE-2019-3730, CVE-2019-3731, and CVE-2019-3732) 

  • versions 4.3.x (CVE-2019-3728, CVE-2019-3729, CVE-2019-3730, and CVE-2019-3731) 

  • versions before 4.1.6.1 in the 4.1.x series (CVE-2019-3732) 

  • versions before 4.1.6.3 in the 4.1.x series (CVE-2019-3730) 

  • versions before 4.3.3 in the 4.3.x series (CVE-2019-3732) 

Recommendations:
The following RSA BSAFE Crypto-C Micro Edition and Micro Edition Suite releases address these vulnerabilities: 

  • RSA BSAFE Crypto-C Micro Edition version 4.0.5.3 (CVE-2019-3732) 

  • RSA BSAFE Crypto-C Micro Edition version 4.1.4 (CVE-2019-3731, CVE-2019-3732, CVE-2019-3733, and CVE-2019-3728) 

  • RSA recommends all customers upgrade to RSA BSAFE Crypto-C Micro Edition version 4.1.4 and Micro Edition Suite version 4.4 at the earliest opportunity. 

For additional documentation, downloads, and more, visit the RSA BSAFE page on RSA Link. 
 
Severity Rating: 
For an explanation of Severity Ratings, refer to Dell Vulnerability Response Policy. Dell recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.

  • RSA BSAFE Micro Edition Suite version 4.0.11 (CVE-2019-3732) 

  • RSA BSAFE Micro Edition Suite version 4.1.6.3 (CVE-2019-3730 and CVE-2019-3732) 

  • RSA BSAFE Micro Edition Suite version 4.4 (CVE-2019-3729, CVE-2019-3730, CVE-2019-3731, CVE-2019-3732, CVE-2019-3733, and CVE-2019-3728) 

変更履歴

RevisionDateDescription
1.02019-09-11Initial Release
1.12021-02-21Updated
2.02025-10-08Updated Description of CVE-2019-3728 with impact on RSA BSAFE Crypto-C versions from 6.0.0 through 6.4

関連情報

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法的免責事項

対象製品

BSAFE Crypto-C Micro Edition, BSAFE Micro Edition Suite, Product Security Information
文書のプロパティ
文書番号: 000194054
文書の種類: Dell Security Advisory
最終更新: 08 10月 2025
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。