Cryptopp Crypto++ 5.6.4 exploit Remote Code Execution Vulnerability

Published on June 30th, 2017

Summary

Cryptopp Crypto++ is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Credit:

The information has been provided by John Byrd .
The original article can be found at: http://www.securityfocus.com/bid/93164

Details

Vulnerable Systems:
* Cryptopp Crypto++ 5.6.4

Crypto++ 5.6.4 incorrectly uses Microsoft’s stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed.

CVE Information:
CVE-2016-7798

Disclosure Timeline:
Publish Date : 2017-01-30
Last Update Date : 2017-02-07

Cryptopp Crypto++ 5.6.4 exploit Remote Code Execution Vulnerability

Summary

Credit:

Details

Featured News

HUAWEI P30 with versions earlier than 10.1.0.160 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Featured News

HUAWEI P30 with versions earlier than 10.1.0.135 Improper Verification of Cryptographic Signature Vulnerability

Featured News

HUAWEI P30 smartphone versions 10.1.0.135 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Cryptopp Crypto++ 5.6.4 exploit Remote Code Execution Vulnerability

Summary

Credit:

Details

Related Posts

Featured News

HUAWEI P30 with versions earlier than 10.1.0.160 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Featured News

HUAWEI P30 with versions earlier than 10.1.0.135 Improper Verification of Cryptographic Signature Vulnerability

Featured News

HUAWEI P30 smartphone versions 10.1.0.135 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability