PT-2017-10391 · Cryptopp+1 · Crypto+++1

Noloader

Publicado

2016-12-26

Atualizado

2021-10-06

CVE-2016-9939

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Crypto++ versions 5.6.4

Description The issue is related to a bug in the ASN.1 BER decoding routine of the library. When the library allocates a memory block based on the length field of the ASN.1 object and there are not enough content octets, the function fails and the memory block is zeroed, even if it's unused. This results in a noticeable delay during the wipe for large allocations.

Recommendations For version 5.6.4, consider updating to a newer version that contains a fix for this issue, as the current version has a bug in its ASN.1 BER decoding routine that can cause a noticeable delay during memory wipe for large allocations.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2016-9939

DLA-766-1

DSA-3748-1

MGASA-2017-0010

OPENSUSE-SU-2021:3301-1

OPENSUSE-SU-2021_3301-1

SUSE-SU-2021:3301-1

SUSE-SU-2021_3301-1

Produtos afetados

Crypto++

Suse

PT-2017-10391 · Cryptopp+1 · Crypto+++1

CVE-2016-9939

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 31