Cryptopp Crypto++ 5.6.4 octets Remote Code Execution Vulnerability
The information has been provided by Gergely Nagy..
The original article can be found at: http://www.securityfocus.com/bid/94854
* Cryptopp Crypto++ 5.6.4
* Debian Linux 8.0
When Crypto++ library parses an ASN.1 data value, the library allocates for the content octets based on the length octets. Later, if there’s too few or too little content octets, the library throws a BERDecodeErr exception. The memory for the content octets will be zeroized (even if unused), which could take a long time on a large allocation.
Publish Date : 2017-01-30
Last Update Date : 2017-02-07