CVE-2023-50981

Published: Dec 18, 2023Modified: May 7, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.

Affected (1)

Products: Cryptopp: Crypto++

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cryptopp Crypto++	Up to 8.9.0

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (2)

https://github.com/weidai11/cryptopp/issues/1249

Source: cve@mitre.org

ExploitIssue Tracking

https://github.com/weidai11/cryptopp/issues/1249

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

Timeline

No history available yet.