Lucene search

[email protected]CVE-2023-50981

HistoryDec 18, 2023 - 4:15 a.m.

CVE-2023-50981

2023-12-1804:15:51

CWE-835

[email protected]

web.nvd.nist.gov

crypto++

cryptopp

cve-2023-50981

modularsquareroot

denial of service

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.

Affected configurations

NVD

Node

cryptoppcrypto\+\+Range≤8.9.0

CPENameOperatorVersion
cryptopp:crypto\+\+cryptopp crypto++le8.9.0

CPE	Name	Operator	Version
cryptopp:crypto\+\+	cryptopp crypto++	le	8.9.0

References

github.com/weidai11/cryptopp/issues/1249

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2023-50981

ubuntucve1 osv1 nessus1 openvas1 cvelist1 veracode1 debiancve1 prion1 nvd1