Cryptopp Crypto++ 5.6.4 exploit Remote Code Execution Vulnerability

Published on June 30th, 2017
Summary

Cryptopp Crypto++ is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Credit:

The information has been provided by John Byrd .
The original article can be found at: http://www.securityfocus.com/bid/93164


Details

Vulnerable Systems:
 * Cryptopp Crypto++ 5.6.4

Crypto++ 5.6.4 incorrectly uses Microsoft’s stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed.

CVE Information:
CVE-2016-7798

Disclosure Timeline:
Publish Date : 2017-01-30
Last Update Date : 2017-02-07

Categories: News
Tags:

Related Posts

News

Pulse Secure Pulse Connect Secure (PCS) Improper Restriction of Excessive Authentication Attempts Vulnerability

News

Pulse Secure Pulse Connect Secure (PCS) Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) Vulnerability

News

Malwarebytes AdwCleaner 8.0.3 Untrusted Search Path Vulnerability