CVE-2023-50981

Name of the Vulnerable Software and Affected Versions Crypto++ (cryptopp) versions prior to 8.9.0

Description The issue allows attackers to cause a denial of service, specifically an infinite loop, through crafted DER public-key data associated with squared odd numbers. This can be achieved with numbers such as the square of 268995137513890432434389773128616504853.

Recommendations For versions prior to 8.9.0, update to version 8.9.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ModularSquareRoot function in Crypto++ until a patch is applied. Avoid processing DER public-key data from untrusted sources to minimize the risk of exploitation.