Vulnerability Details CVE-2017-9434
Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.6%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://openwall.com/lists/oss-security/2017/06/06/2
- http://www.securityfocus.com/bid/99007
- https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965
- https://github.com/weidai11/cryptopp/issues/414
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7IL5A6465IEPW5GAWGXB2ENJPFYVWTJM/
- http://openwall.com/lists/oss-security/2017/06/06/2
- http://www.securityfocus.com/bid/99007
- https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965
- https://github.com/weidai11/cryptopp/issues/414
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7IL5A6465IEPW5GAWGXB2ENJPFYVWTJM/
Products affected by CVE-2017-9434
-
cpe:2.3:a:cryptopp:crypto++:5.0
-
cpe:2.3:a:cryptopp:crypto++:5.1
-
cpe:2.3:a:cryptopp:crypto++:5.2
-
cpe:2.3:a:cryptopp:crypto++:5.2.1
-
cpe:2.3:a:cryptopp:crypto++:5.2.3
-
cpe:2.3:a:cryptopp:crypto++:5.3.0
-
cpe:2.3:a:cryptopp:crypto++:5.4
-
cpe:2.3:a:cryptopp:crypto++:5.5
-
cpe:2.3:a:cryptopp:crypto++:5.5.1
-
cpe:2.3:a:cryptopp:crypto++:5.5.2
-
cpe:2.3:a:cryptopp:crypto++:5.6.0
-
cpe:2.3:a:cryptopp:crypto++:5.6.1
-
cpe:2.3:a:cryptopp:crypto++:5.6.2
-
cpe:2.3:a:cryptopp:crypto++:5.6.3
-
cpe:2.3:a:cryptopp:crypto++:5.6.4