CVE-2023-50981

2023-12-1800:00:00

ubuntu.com

cve-2023-50981

modularsquareroot

crypto++

denial of service

infinite loop

crafted der public-key

squared odd numbers

268995137513890432434389773128616504853

bugs

unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers
to cause a denial of service (infinite loop) via crafted DER public-key
data associated with squared odd numbers, such as the square of
268995137513890432434389773128616504853.

Bugs

<https://github.com/weidai11/cryptopp/issues/1249>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlibcrypto++< anyUNKNOWN
ubuntu20.04noarchlibcrypto++< anyUNKNOWN
ubuntu22.04noarchlibcrypto++< anyUNKNOWN
ubuntu24.04noarchlibcrypto++< anyUNKNOWN
ubuntu14.04noarchlibcrypto++< anyUNKNOWN
ubuntu16.04noarchlibcrypto++< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	libcrypto++	< any	UNKNOWN
ubuntu	20.04	noarch	libcrypto++	< any	UNKNOWN
ubuntu	22.04	noarch	libcrypto++	< any	UNKNOWN
ubuntu	24.04	noarch	libcrypto++	< any	UNKNOWN
ubuntu	14.04	noarch	libcrypto++	< any	UNKNOWN
ubuntu	16.04	noarch	libcrypto++	< any	UNKNOWN