High severity7.5NVD Advisory· Published Jan 30, 2017· Updated May 13, 2026
CVE-2016-9939
CVE-2016-9939
Description
Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- www.openwall.com/lists/oss-security/2016/12/12/7nvdMailing ListPatchThird Party Advisory
- www.debian.org/security/2016/dsa-3748nvdThird Party Advisory
- www.securityfocus.com/bid/94854nvdThird Party AdvisoryVDB Entry
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7IL5A6465IEPW5GAWGXB2ENJPFYVWTJM/nvd
News mentions
0No linked articles in our index yet.