CVE-2016-9939

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-9939
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9939.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-9939
Related
Published
2017-01-30T21:59:01Z
Modified
2025-04-20T03:28:48.812304Z
Downstream
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation.

References

Affected packages

Debian:11 / libcrypto++

Package

Name
libcrypto++
Purl
pkg:deb/debian/libcrypto%2B%2B?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.6.4-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libcrypto++

Package

Name
libcrypto++
Purl
pkg:deb/debian/libcrypto%2B%2B?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.6.4-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libcrypto++

Package

Name
libcrypto++
Purl
pkg:deb/debian/libcrypto%2B%2B?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.6.4-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/weidai11/cryptopp

Affected ranges

Type
GIT
Repo
https://github.com/weidai11/cryptopp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Other

CRYPTOPP_5_0
CRYPTOPP_5_1
CRYPTOPP_5_2
CRYPTOPP_5_2_1
CRYPTOPP_5_2_3
CRYPTOPP_5_3_0
CRYPTOPP_5_4
CRYPTOPP_5_5
CRYPTOPP_5_5_1
CRYPTOPP_5_5_2
CRYPTOPP_5_6_0
CRYPTOPP_5_6_1
CRYPTOPP_5_6_2
CRYPTOPP_5_6_3
CRYPTOPP_5_6_4