MGASA-2017-0010

Source
https://advisories.mageia.org/MGASA-2017-0010.html
Import Source
https://advisories.mageia.org/MGASA-2017-0010.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2017-0010
Related
Published
2017-01-07T21:39:59Z
Modified
2017-01-07T21:30:26Z
Summary
Updated libcryptopp packages fix security vulnerability
Details

When Crypto++ library parses an ASN.1 data value, the library allocates for the content octets based on the length octets. Later, if there's too few or too little content octets, the library throws a BERDecodeErr exception. The memory for the content octets will be zeroized (even if unused), which could take a long time on a large allocation (CVE-2016-9939).

References
Credits

Affected packages

Mageia:5 / libcryptopp

Package

Name
libcryptopp
Purl
pkg:rpm/mageia/libcryptopp?arch=source&distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.6.3-1.3.mga5

Ecosystem specific

{
    "section": "core"
}