Lucene search

[email protected]NVD:CVE-2024-28285

HistoryMay 14, 2024 - 3:14 p.m.

CVE-2024-28285

2024-05-1415:14:19

CWE-285

CWE-209

[email protected]

web.nvd.nist.gov

fault injection

symmetricdecrypt

cryptopp

elgamal.h

cve-2024-28285

information disclosure

privilege escalation

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

JSON

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate privileges.

References

gist.github.com/liang-junkai/3e91f58070812ea76c1b8c126c3e28c7

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

JSON

Related for NVD:CVE-2024-28285

debiancve1 ubuntucve1 osv1 vulnrichment1 cve1 cvelist1