Fabre

#1059312 libcrypto++: CVE-2023-50981 #1059312

Package:: src:libcrypto++

Source:: src:libcrypto++

Submitter:: Moritz Mühlenhoff

Date:: 2023-12-22 20:09:44 UTC

Severity:: normal

Tags:

#1059312#5

Date:: 2023-12-22 13:37:18 UTC

From:

To:

Hi,

The following vulnerability was published for libcrypto++.

CVE-2023-50981[0]:
| ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows
| attackers to cause a denial of service (infinite loop) via crafted
| DER public-key data associated with squared odd numbers, such as the
| square of 268995137513890432434389773128616504853.

https://github.com/weidai11/cryptopp/issues/1249


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-50981
https://www.cve.org/CVERecord?id=CVE-2023-50981

Please adjust the affected versions in the BTS as needed.

#1059312 libcrypto++: CVE-2023-50981 #1059312

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)