Cryptopp Crypto++ 5.6.4 exploit Remote Code Execution Vulnerability

Published on June 30th, 2017

Summary

Cryptopp Crypto++ is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Credit:

The information has been provided by John Byrd .
The original article can be found at: http://www.securityfocus.com/bid/93164

Details

Vulnerable Systems:
* Cryptopp Crypto++ 5.6.4

Crypto++ 5.6.4 incorrectly uses Microsoft’s stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed.

CVE Information:
CVE-2016-7798

Disclosure Timeline:
Publish Date : 2017-01-30
Last Update Date : 2017-02-07

Cryptopp Crypto++ 5.6.4 exploit Remote Code Execution Vulnerability

Summary

Credit:

Details

Featured News

HP Access Control versions prior to 16.7 Improper Privilege Management Vulnerability

Featured News

Google Chrome prior to 79.0.3945.88 Use After Free Vulnerability

News

IBM Jazz Reporting Service (JRS) 6.0.6.1 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) Vulnerability

Cryptopp Crypto++ 5.6.4 exploit Remote Code Execution Vulnerability

Summary

Credit:

Details

Related Posts

Featured News

HP Access Control versions prior to 16.7 Improper Privilege Management Vulnerability

Featured News

Google Chrome prior to 79.0.3945.88 Use After Free Vulnerability

News

IBM Jazz Reporting Service (JRS) 6.0.6.1 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) Vulnerability