When Crypto++ library parses an ASN.1 data value, the library allocates for the content octets based on the length octets. Later, if there's too few or too little content octets, the library throws a BERDecodeErr exception. The memory for the content octets will be zeroized (even if unused), which could take a long time on a large allocation.
Created cryptopp tracking bugs for this issue:
Affects: fedora-all [bug 1404145]
Affects: epel-all [bug 1404146]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.