Reference: https://github.com/weidai11/cryptopp/issues/1248

-----

Hi, recently I found a security issue in the Crypto++ library that would cause a segmentation fault when parsing DER public key files of the F(2^m) class curves. An attacker could potentially craft a malformed DER public key file, and any user or server attempting to read this public key file in processes such as ECDSA may be susceptible to a DoS attack.

Issue

The main reason for this issue is that when parsing the DER public key file of the F(2^m) class curve (EC2N::DecodePoint), there is no check that the degree of each term in the polynomial is strictly decreasing.
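The ordering check the report describes as missing, written as an added example; it is not code from the report or from Crypto++. `PolyCheck` and `CheckReductionPolynomial` are hypothetical names, and the sketch assumes the exponents have already been decoded from the key, highest term first, and that only trinomial or pentanomial bases are accepted.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

enum class PolyCheck { Ok, BadTermCount, DegreeMismatch, NotStrictlyDecreasing, MissingConstantTerm };

// Hypothetical helper, not a Crypto++ API. exps holds the exponents of the
// F(2^m) reduction polynomial as read from the key file, highest term first,
// e.g. {233, 74, 0} for x^233 + x^74 + 1.
PolyCheck CheckReductionPolynomial(unsigned int m, const std::vector<unsigned int>& exps)
{
    // Assumption: only trinomials (3 terms) and pentanomials (5 terms) are accepted.
    if (exps.size() != 3 && exps.size() != 5)
        return PolyCheck::BadTermCount;
    // The leading term must match the declared field size m.
    if (m == 0 || exps.front() != m)
        return PolyCheck::DegreeMismatch;
    // Each term's degree must be strictly below the one before it; equal or
    // increasing degrees come from a malformed or crafted key and are rejected.
    for (std::size_t i = 1; i < exps.size(); ++i)
        if (exps[i - 1] <= exps[i])
            return PolyCheck::NotStrictlyDecreasing;
    // A reduction polynomial ends in the constant term x^0.
    if (exps.back() != 0)
        return PolyCheck::MissingConstantTerm;
    return PolyCheck::Ok;
}

int main()
{
    // Constructed sample inputs: two well-formed polynomials, two malformed ones.
    struct Sample { unsigned int m; std::vector<unsigned int> exps; };
    const std::vector<Sample> samples = {
        {233, {233, 74, 0}},
        {163, {163, 7, 6, 3, 0}},
        {163, {163, 3, 6, 7, 0}},   // degrees not decreasing
        {233, {233, 233, 0}},       // repeated degree
    };
    for (const Sample& s : samples) {
        const PolyCheck r = CheckReductionPolynomial(s.m, s.exps);
        std::printf("m=%u terms=%zu -> %s\n", s.m, s.exps.size(),
                    r == PolyCheck::Ok ? "accept" : "reject");
    }
    return 0;
}
```

Running such a check before any field or curve object is built from the decoded values means a malformed key is rejected as a parse error.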
Created cryptopp tracking bugs for this issue:

Affects: epel-all [bug 2255132]
Affects: fedora-all [bug 2255133]