Cryptopp Crypto++ 5.6.4 exploit Remote Code Execution Vulnerability

Published on June 30th, 2017
Summary

Cryptopp Crypto++ is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Credit:

The information has been provided by John Byrd .
The original article can be found at: http://www.securityfocus.com/bid/93164


Details

Vulnerable Systems:
 * Cryptopp Crypto++ 5.6.4

Crypto++ 5.6.4 incorrectly uses Microsoft’s stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed.

CVE Information:
CVE-2016-7798

Disclosure Timeline:
Publish Date : 2017-01-30
Last Update Date : 2017-02-07

Categories: News
Tags:

Related Posts

News

Foxitsoftware Phantompdf 8.3.9.41099 Remote Code Execution Vulnerability

News

Foxitsoftware Foxit Reader 9.4.1.16828 Remote Code Execution Vulnerability

News

NETGEAR Insight Cloud Remote Code Execution Vulnerability