CVE-2017-9434

MEDIUM

Crypto++ <5.6.5 - Info Disclosure

Title source: llm

Description

Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter.

References (5)

[Mailing List, Third Party Advisory] http://openwall.com/lists/oss-security/2017/06/06/2

[Third Party Advisory] https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965

View Writeup ZIP pw:eip

[Third Party Advisory] https://github.com/weidai11/cryptopp/issues/414

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99007

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7IL5A6465IEPW5GAWGXB2ENJPFYVWTJM/

Scores

CVSS v3 5.3

EPSS 0.0047

EPSS Percentile 64.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-125

Status published

Products (2)

cryptopp/crypto\+\+ < 5.6.4

n/a/n/a

Published Jun 05, 2017

Tracked Since Feb 18, 2026