CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9939
https://notcve.org/view.php?id=CVE-2016-9939
Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation. Crypto ++ (también conocido como cryptopp y libcrypto ++) 5.6.4 contenía un error en su rutina de decodificación ASN.1 BER. • http://www.debian.org/security/2016/dsa-3748 http://www.openwall.com/lists/oss-security/2016/12/12/7 http://www.securityfocus.com/bid/94854 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7IL5A6465IEPW5GAWGXB2ENJPFYVWTJM • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-7544
https://notcve.org/view.php?id=CVE-2016-7544
Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed. Crypto ++ 5.6.4 utiliza incorrectamente las funciones basadas en pila _malloca y _freea de Microsoft. La biblioteca solicitará un bloqueo de memoria para alinear una tabla en la memoria. • http://www.openwall.com/lists/oss-security/2016/09/23/5 http://www.openwall.com/lists/oss-security/2016/09/23/9 http://www.securityfocus.com/bid/93164 https://github.com/weidai11/cryptopp/issues/302 https://www.cryptopp.com/release565.html • CWE-399: Resource Management Errors •