Candidate: CVE-2017-9434
PublicDate: 2017-06-05 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9434
 https://github.com/weidai11/cryptopp/issues/414
 https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965
Description:
 Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read
 vulnerability in zinflate.cpp in the Inflator filter.
Ubuntu-Description:
 It was discovered that Crypto++ mishandled certain input. An attacker could
 use this vulnerability to leak potentially sensitive information.
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864214
Priority: low
Discovered-by:
Assigned-to: mikesalvatore
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]

Patches_libcrypto++:
upstream_libcrypto++: released (5.6.4-7)
precise/esm_libcrypto++: DNE
trusty_libcrypto++: ignored (reached end-of-life)
trusty/esm_libcrypto++: released (5.6.1-6deb8u3ubuntu0.1~esm1)
vivid/stable-phone-overlay_libcrypto++: DNE
vivid/ubuntu-core_libcrypto++: DNE
xenial_libcrypto++: ignored (end of standard support, was needed)
yakkety_libcrypto++: ignored (reached end-of-life)
zesty_libcrypto++: ignored (reached end-of-life)
artful_libcrypto++: ignored (reached end-of-life)
bionic_libcrypto++: not-affected (5.6.4-8)
cosmic_libcrypto++: not-affected (5.6.4-8)
disco_libcrypto++: not-affected (5.6.4-8)
eoan_libcrypto++: not-affected (5.6.4-8)
focal_libcrypto++: not-affected (5.6.4-8)
groovy_libcrypto++: not-affected (5.6.4-8)
hirsute_libcrypto++: not-affected (5.6.4-8)
impish_libcrypto++: not-affected (5.6.4-8)
jammy_libcrypto++: not-affected (5.6.4-8)
devel_libcrypto++: not-affected (5.6.4-8)