CVE-2017-9434

Severity: Medium
Remote: Yes
Type: Denial of service
Description
A security issue has been found in crypto++ before 6.0.0 where the Zinflate class, used by classes like Gunzip and Inflator, could perform an out-of-bounds read when decompressing data. The out-of-bounds read occurs on a static table of 30 elements, allocated in initialized memory. An attacker can craft a ZIP file that allows a read of the last two non-existent elements.
Group    Package   Affected  Fixed    Severity  Status        Ticket
AVG-288  crypto++  5.6.5-3   6.0.0-2  Medium    Not affected
References
http://seclists.org/oss-sec/2017/q2/419
https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965
https://github.com/weidai11/cryptopp/issues/414