gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Crypto++ | Cryptopp | * | 8.9.0 (including) |
Libcrypto++ | Ubuntu | bionic | * |
Libcrypto++ | Ubuntu | lunar | * |
Libcrypto++ | Ubuntu | mantic | * |
Libcrypto++ | Ubuntu | trusty | * |
Libcrypto++ | Ubuntu | trusty/esm | * |
Libcrypto++ | Ubuntu | xenial | * |