CVE-2017-9434
Severity | Medium |
Remote | Yes |
Type | Denial of service |
Description | A security issue has been found in crypto++ before 6.0.0 where the Zinflate class, used by classes like Gunzip and Inflator, could perform an out-of-bounds read when decompressing data. The out-of-bounds read occurs on a static table of 30 elements, allocated in initialized memory. An attacker can craft a ZIP file that allows a read of the last two non-existent elements. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-288 | crypto++ | 5.6.5-3 | 6.0.0-2 | Medium | Not affected | |
References |
---|
http://seclists.org/oss-sec/2017/q2/419 |
https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965 |
https://github.com/weidai11/cryptopp/issues/414 |