CVE-2023-50981

2023-12-1804:15:51

Debian Security Bug Tracker

security-tracker.debian.org

crypto++

modularsquareroot

cve-2023-50981

denial of service

crafted der

public-key data

odd numbers

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.

OSVersionArchitecturePackageVersionFilename
Debian12alllibcrypto++<= 8.7.0+git220824-1libcrypto++_8.7.0+git220824-1_all.deb
Debian11alllibcrypto++<= 8.4.0-1libcrypto++_8.4.0-1_all.deb
Debian999alllibcrypto++<= 8.9.0-1.1libcrypto++_8.9.0-1.1_all.deb
Debian13alllibcrypto++<= 8.9.0-1.1libcrypto++_8.9.0-1.1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libcrypto++	<= 8.7.0+git220824-1	libcrypto++_8.7.0+git220824-1_all.deb
Debian	11	all	libcrypto++	<= 8.4.0-1	libcrypto++_8.4.0-1_all.deb
Debian	999	all	libcrypto++	<= 8.9.0-1.1	libcrypto++_8.9.0-1.1_all.deb
Debian	13	all	libcrypto++	<= 8.9.0-1.1	libcrypto++_8.9.0-1.1_all.deb