CVE-2016-9939

NameCVE-2016-9939
Descriptiondenial-of-service in ASN1 decoder
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-766-1, DSA-3748-1
Debian Bugs848009

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libcrypto++ (PTS)wheezy5.6.1-6+deb7u2vulnerable
wheezy (security)5.6.1-6+deb7u3fixed
jessie (security), jessie5.6.1-6+deb8u3fixed
stretch, sid5.6.4-6fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libcrypto++source(unstable)5.6.4-5848009
libcrypto++sourcejessie5.6.1-6+deb8u3DSA-3748-1
libcrypto++sourcewheezy5.6.1-6+deb7u3DLA-766-1

Notes

https://github.com/weidai11/cryptopp/issues/346

Search for package or bug name: Reporting problems