Lucene search
K

71 matches found

OSV
OSV
added 2021/09/06 7:15 p.m.6 views

UBUNTU-CVE-2021-40530

The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's...

5.9CVSS6.2AI score0.01157EPSS
Exploits1References6
OSV
OSV
added 2019/07/30 5:15 p.m.2 views

DEBIAN-CVE-2019-14318

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp...

5.9CVSS5.8AI score0.03245EPSS
Exploits1References1
OSV
OSV
added 2019/07/30 5:15 p.m.4 views

UBUNTU-CVE-2019-14318

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp...

5.9CVSS5.8AI score0.03245EPSS
Exploits1References5
Veracode
Veracode
added 2019/07/12 10:39 a.m.14 views

Timing Attack

cryptopp is vulnerable to timing attack. The attack exists because the countermeasure against the timing attack in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock is ineffective after compilation...

7.5CVSS7.3AI score0.01858EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/06/03 12:0 a.m.35 views

Fedora 30 : cryptopp (2019-812b77ed2e)

Update to 8.2.0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc...

7.5CVSS6.6AI score0.04202EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2019/06/02 12:0 a.m.49 views

Fedora Update for cryptopp FEDORA-2019-812b77ed2e

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5AI score
Exploits0References2
OpenVAS
OpenVAS
added 2018/03/21 12:0 a.m.21 views

Fedora Update for cryptopp FEDORA-2018-5a249b4214

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.7AI score
Exploits0References2
Fedora
Fedora
added 2018/03/20 5:37 p.m.44 views

[SECURITY] Fedora 26 Update: cryptopp-5.6.5-2.fc26

Crypto++ Library is a free C++ class library of cryptographic schemes. See http://www.cryptopp.com/ for a list of supported algorithms. One purpose of Crypto++ is to act as a repository of public domain not copyrighted source code. Although the library is copyrighted as a compilation, the...

7.5CVSS0.1AI score0.02735EPSS
Exploits0
OpenVAS
OpenVAS
added 2018/03/14 12:0 a.m.23 views

Fedora Update for cryptopp FEDORA-2018-a0a356fb68

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.7AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2017/06/05 2:29 p.m.21 views

CVE-2017-9434

Crypto++ aka cryptopp through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter...

5.3CVSS6.4AI score0.01369EPSS
Exploits0References4
OSV
OSV
added 2017/06/05 2:29 p.m.1 views

DEBIAN-CVE-2017-9434

Crypto++ aka cryptopp through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter...

5.3CVSS6.9AI score0.01369EPSS
Exploits0References1
OSV
OSV
added 2017/06/05 2:29 p.m.16 views

CVE-2017-9434

Crypto++ aka cryptopp through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter...

5.3CVSS6.6AI score
Exploits0References5
CVE
CVE
added 2017/06/05 2:0 p.m.96 views

CVE-2017-9434

CVE-2017-9434 affects Crypto++ (cryptopp) up to version 5.6.5, with an out-of-bounds read in the Zinflate class used by Gunzip/Inflator. The root cause is a malformed handling in the zinflate.cpp Inflator filter, which could disclose data when decompressing input. Public advisories in multiple di...

5.3CVSS5.3AI score0.01369EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2017/02/13 6:0 p.m.53 views

CVE-2016-3995

Crypto++ (libcryptopp) timing-attack vulnerability CVE-2016-3995 affects Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock prior to version 5.6.4, where the timing-protection code could be optimized out by compilers. This could allow an attacker to perform timing attacks. Th...

7.5CVSS7.2AI score0.01858EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2017/01/30 9:59 p.m.15 views

Stack overflow

Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based malloca and freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed...

5CVSS6.8AI score0.02735EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2017/01/30 9:59 p.m.3 views

UBUNTU-CVE-2016-9939

Crypto++ aka cryptopp and libcrypto++ 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will b...

7.5CVSS7.1AI score0.04202EPSS
Exploits0References4
CVE
CVE
added 2017/01/30 9:0 p.m.138 views

CVE-2016-9939

CVE-2016-9939 affects Crypto++ (Crypto++/libcrypto++) 5.6.4, where the ASN.1 BER decoding routine allocates a memory block based on the length field and may zero the memory if contents are insufficient, causing a noticeable delay during the wipe for large allocations. This concrete detail is repe...

7.5CVSS7.4AI score0.04202EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/12/07 12:0 a.m.30 views

FreeBSD : cryptopp -- multiple vulnerabilities (eab68cff-bc0c-11e6-b2ca-001b3856973b)

Multiple sources report : CVE-2015-2141: The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack...

7.5CVSS6.9AI score0.02879EPSS
Exploits0References7
NVD
NVD
added 2016/09/16 5:59 a.m.12 views

CVE-2016-7420

Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...

5.9CVSS5.4AI score0.02288EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2016/09/16 5:59 a.m.24 views

CVE-2016-7420

Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...

5.9CVSS6.6AI score0.02288EPSS
Exploits0References5
Rows per page
Query Builder