Cryptopp Crypto++ 5.6.4 exploit Remote Code Execution Vulnerability

Published on June 30th, 2017
Summary

Cryptopp Crypto++ is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Credit:

The information has been provided by John Byrd .
The original article can be found at: http://www.securityfocus.com/bid/93164


Details

Vulnerable Systems:
 * Cryptopp Crypto++ 5.6.4

Crypto++ 5.6.4 incorrectly uses Microsoft’s stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed.

CVE Information:
CVE-2016-7798

Disclosure Timeline:
Publish Date : 2017-01-30
Last Update Date : 2017-02-07

Categories: News
Tags:

Related Posts

News

Minimal Coming Soon & Maintenance Mode through 2.10 Cross-Site Request Forgery (CSRF) Vulnerability

News

HUAWEI Mate 20 smartphones versions 9.1.0.139 Improper Authentication Vulnerability

News

PHPGurukul Dairy Farm Shop Management System 1.0 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability