Cryptopp Crypto++ 5.6.4 exploit Remote Code Execution Vulnerability


Cryptopp Crypto++ is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.


The information has been provided by John Byrd .
The original article can be found at:


Vulnerable Systems:
 * Cryptopp Crypto++ 5.6.4

Crypto++ 5.6.4 incorrectly uses Microsoft’s stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed.

CVE Information:

Disclosure Timeline:
Publish Date : 2017-01-30
Last Update Date : 2017-02-07

Categories: News