CVE-2023-50981 — Infinite Loop in Crypto

CWE-835 — Infinite Loop5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 73.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cryptopp Crypto Debian Libcrypto

Timeline

PublishedDec 18

Latest updateDec 27

Description

ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDcryptopp/crypto8.9.0

▶debiandebian/libcrypto

🔴Vulnerability Details

GHSA

GHSA-wrgh-jm24-7hv6: ModularSquareRoot in Crypto++ (aka cryptopp) through 8↗2023-12-27

▶

OSV

CVE-2023-50981: ModularSquareRoot in Crypto++ (aka cryptopp) through 8↗2023-12-18

▶

📋Vendor Advisories

Debian

CVE-2023-50981: libcrypto++ - ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to c...↗2023

▶

💬Community

Bugzilla

TRIAGE CVE-2023-50981 cryptopp: malformed DER public key file can trigger infinite loop condition [epel-all]↗2023-12-18

▶