Lucene search
F5F5:K000137107HistoryOct 03, 2023 - 12:00 a.m.
K000137107 : Crypto++ vulnerability CVE-2022-48570
2023-10-0300:00:00
my.f5.com
3
crypto++
timing side channel
ecdsa
vulnerability
memory alignment
cve-2022-48570
Security Advisory Description
Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons. (CVE-2022-48570)
Impact
There is no impact; F5 products are not affected by this vulnerability.
Related
cvelist
cvelist
CVE-2022-48570
2023-08-22 00:00:00
CVE-2019-14318
2019-07-30 16:26:56
cve
cve
CVE-2022-48570
2023-08-22 19:16:32
CVE-2019-14318
2019-07-30 17:15:12
nvd
nvd
CVE-2022-48570
2023-08-22 19:16:32
CVE-2019-14318
2019-07-30 17:15:12
osv
osv
CVE-2022-48570
2023-08-22 19:16:32
CVE-2019-14318
2019-07-30 17:15:12
debiancve
debiancve
CVE-2022-48570
2023-08-22 19:16:32
CVE-2019-14318
2019-07-30 17:15:12
ubuntucve
ubuntucve
CVE-2022-48570
2023-08-22 00:00:00
CVE-2019-14318
2019-07-30 00:00:00
prion
prion
Design/Logic Flaw
2023-08-22 19:16:00
Information disclosure
2019-07-30 17:15:00
veracode
veracode
Side Channel Attack
2023-10-11 05:20:52
nessus
nessus
openSUSE Security Update : libcryptopp (openSUSE-2019-1968)
2019-08-21 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2019-0362)
2022-01-28 00:00:00
openSUSE: Security Advisory for libcryptopp (openSUSE-SU-2019:1968-1)
2019-08-21 00:00:00
archlinux
archlinux
[ASA-201912-3] crypto++: private key recovery
2019-12-06 00:00:00
suse
suse
Security update for libcryptopp (moderate)
2019-08-20 00:00:00
mageia
mageia
Updated libcryptopp packages fix security vulnerability
2019-12-06 17:15:42