Cryptopp Crypto++ 5.6.4 octets Remote Code Execution Vulnerability

Summary

Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there are not enough content octets in the ASN.1 object, the function fails and the memory block is zeroed even if it is unused. There is a noticeable delay during the wipe for a large allocation.

Credit:

The information has been provided by Gergely Nagy.
The original article can be found at: http://www.securityfocus.com/bid/94854


Details

Vulnerable Systems:
 * Cryptopp Crypto++ 5.6.4
 * Debian Linux 8.0

When the Crypto++ library parses an ASN.1 data value, it allocates space for the content octets based on the length octets. Later, if there are too few content octets, the library throws a BERDecodeErr exception. The memory allocated for the content octets is zeroized (even if unused), which can take a long time for a large allocation.
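As an added example (not Crypto++ code), the following minimal BER length decoder validates the declared content length against the remaining input before any buffer is allocated, which is the check that avoids the allocate-then-zeroize cost described above. Function names and the sample encodings are constructed for this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

struct BerLength {
    std::size_t headerBytes;   // tag octet + length octets consumed
    std::size_t contentBytes;  // declared length of the content octets
};

// Decode the length octets following a one-byte tag at buf[0]. Throws on a truncated
// header, indefinite length, a length wider than size_t, or a length exceeding the input.
BerLength decodeBerLength(const std::vector<uint8_t>& buf) {
    if (buf.size() < 2) throw std::runtime_error("truncated header");
    std::size_t pos = 1;                       // skip the tag octet
    uint8_t first = buf[pos++];
    std::size_t len = 0;
    if (first < 0x80) {                        // short form: 0..127
        len = first;
    } else {                                   // long form: low bits = octet count
        std::size_t n = first & 0x7F;
        if (n == 0) throw std::runtime_error("indefinite length not supported");
        if (n > sizeof(std::size_t)) throw std::runtime_error("length too wide");
        if (buf.size() - pos < n) throw std::runtime_error("truncated length octets");
        for (std::size_t i = 0; i < n; ++i) len = (len << 8) | buf[pos++];
    }
    // The bound check: reject before any allocation sized by an untrusted length.
    if (len > buf.size() - pos) throw std::runtime_error("content octets exceed input");
    return BerLength{pos, len};
}

// Copy out the content octets; allocation happens only after the check passed.
std::vector<uint8_t> decodeBerContent(const std::vector<uint8_t>& buf) {
    BerLength h = decodeBerLength(buf);
    return std::vector<uint8_t>(buf.begin() + h.headerBytes,
                                buf.begin() + h.headerBytes + h.contentBytes);
}

// Returns "" on success or the error text, so results can be compared directly.
std::string tryDecode(const std::vector<uint8_t>& buf) {
    try { decodeBerContent(buf); return ""; }
    catch (const std::exception& e) { return e.what(); }
}
int main() {
    // Constructed inputs: OCTET STRING "abc", and a header claiming ~2 GiB of content.
    std::printf("%s\n", tryDecode({0x04, 0x03, 'a', 'b', 'c'}).empty() ? "ok" : "error");
    std::printf("%s\n", tryDecode({0x04, 0x84, 0x7F, 0xFF, 0xFF, 0xFF}).c_str());
}
```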

CVE Information:
CVE-2016-9939

Disclosure Timeline:
Publish Date : 2017-01-30
Last Update Date : 2017-02-07

Categories: News