Published: 05/06/2017 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 448

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Crypto++ (aka cryptopp) up to and including 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cryptopp crypto\\+\\+

Debian Bug report logs - #864214 libcrypto++: CVE-2017-9434: out-of-bounds read in zinflate Package: src:libcrypto++; Maintainer for src:libcrypto++ is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 5 Jun 2017 11:21:05 UTC Severity: important Tags: fixed-u ...

A security issue has been found in crypto++ before 600 where the Zinflate class, used by classes like Gunzip and Inflator, could perform an out-of-bounds read when decompressing data The out-of-bounds read occurs on a static table of 30 elements, allocated in initialized memory An attacker can craft a ZIP file that allows a read of the last two ...

CWE-125 https://github.com/weidai11/cryptopp/issues/414 https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965 http://openwall.com/lists/oss-security/2017/06/06/2 http://www.securityfocus.com/bid/99007 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7IL5A6465IEPW5GAWGXB2ENJPFYVWTJM/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864214 https://nvd.nist.gov https://security.archlinux.org/CVE-2017-9434

CVE-2017-9434

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect