CVE-2016-9939 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-9939 Interim 1 18 2023-09-12T01:05:47Z current 2021-05-30T13:48:44Z 2023-09-12T01:05:47Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-9939 Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2021-October/009547.html E-Mail link for SUSE-SU-2021:3301-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OT7AMKZYZG3NMSSJK4GVQCGFPLIGSKD5/ E-Mail link for openSUSE-SU-2021:3301-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 openSUSE Leap 15.3 libcryptopp libcryptopp-devel libcryptopp-devel-5.6.5-1.6.1 libcryptopp-devel-8.6.0-150400.1.6 libcryptopp5_6_5 libcryptopp5_6_5-32bit-5.6.5-1.6.1 libcryptopp5_6_5-5.6.5-1.6.1 libcryptopp8_6_0-8.6.0-150400.1.6 libcryptopp-devel-5.6.5-1.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 libcryptopp5_6_5-5.6.5-1.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 libcryptopp-devel-5.6.5-1.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 libcryptopp5_6_5-5.6.5-1.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 libcryptopp-devel-8.6.0-150400.1.6 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 libcryptopp8_6_0-8.6.0-150400.1.6 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 libcryptopp-devel-8.6.0-150400.1.6 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libcryptopp8_6_0-8.6.0-150400.1.6 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libcryptopp-devel-5.6.5-1.6.1 as a component of openSUSE Leap 15.3 libcryptopp5_6_5-5.6.5-1.6.1 as a component of openSUSE Leap 15.3 libcryptopp5_6_5-32bit-5.6.5-1.6.1 as a component of openSUSE Leap 15.3 libcryptopp-devel as a component of SUSE CaaS Platform 4.0 libcryptopp5_6_5 as a component of SUSE CaaS Platform 4.0 libcryptopp as a component of SUSE CaaS Platform 4.0 libcryptopp as a component of SUSE Enterprise Storage 6 libcryptopp-devel as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libcryptopp5_6_5 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libcryptopp as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libcryptopp-devel as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libcryptopp5_6_5 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libcryptopp as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libcryptopp-devel as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 libcryptopp5_6_5 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 libcryptopp as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation. CVE-2016-9939 SUSE Linux Enterprise Module for Basesystem 15 SP2:libcryptopp-devel-5.6.5-1.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:libcryptopp5_6_5-5.6.5-1.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:libcryptopp-devel-5.6.5-1.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:libcryptopp5_6_5-5.6.5-1.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:libcryptopp-devel-8.6.0-150400.1.6 SUSE Linux Enterprise Module for Basesystem 15 SP4:libcryptopp8_6_0-8.6.0-150400.1.6 SUSE Linux Enterprise Module for Basesystem 15 SP5:libcryptopp-devel-8.6.0-150400.1.6 SUSE Linux Enterprise Module for Basesystem 15 SP5:libcryptopp8_6_0-8.6.0-150400.1.6 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:libcryptopp5_6_5-5.6.5-1.6.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP4:libcryptopp5_6_5-32bit-5.6.5-1.6.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:libcryptopp5_6_5-5.6.5-1.6.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:libcryptopp5_6_5-32bit-5.6.5-1.6.1 openSUSE Leap 15.3:libcryptopp-devel-5.6.5-1.6.1 openSUSE Leap 15.3:libcryptopp5_6_5-5.6.5-1.6.1 openSUSE Leap 15.3:libcryptopp5_6_5-32bit-5.6.5-1.6.1 SUSE CaaS Platform 4.0:libcryptopp SUSE CaaS Platform 4.0:libcryptopp-devel SUSE CaaS Platform 4.0:libcryptopp5_6_5 SUSE Enterprise Storage 6:libcryptopp SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcryptopp SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcryptopp-devel SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcryptopp5_6_5 SUSE Linux Enterprise Server 15 SP1-LTSS:libcryptopp SUSE Linux Enterprise Server 15 SP1-LTSS:libcryptopp-devel SUSE Linux Enterprise Server 15 SP1-LTSS:libcryptopp5_6_5 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcryptopp SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcryptopp-devel SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcryptopp5_6_5 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H