71 matches found
UBUNTU-CVE-2021-40530
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's...
DEBIAN-CVE-2019-14318
Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp...
UBUNTU-CVE-2019-14318
Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp...
Timing Attack
cryptopp is vulnerable to timing attack. The attack exists because the countermeasure against the timing attack in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock is ineffective after compilation...
Fedora 30 : cryptopp (2019-812b77ed2e)
Update to 8.2.0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc...
Fedora Update for cryptopp FEDORA-2019-812b77ed2e
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora Update for cryptopp FEDORA-2018-5a249b4214
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 26 Update: cryptopp-5.6.5-2.fc26
Crypto++ Library is a free C++ class library of cryptographic schemes. See http://www.cryptopp.com/ for a list of supported algorithms. One purpose of Crypto++ is to act as a repository of public domain not copyrighted source code. Although the library is copyrighted as a compilation, the...
Fedora Update for cryptopp FEDORA-2018-a0a356fb68
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-9434
Crypto++ aka cryptopp through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter...
DEBIAN-CVE-2017-9434
Crypto++ aka cryptopp through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter...
CVE-2017-9434
Crypto++ aka cryptopp through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter...
CVE-2017-9434
CVE-2017-9434 affects Crypto++ (cryptopp) up to version 5.6.5, with an out-of-bounds read in the Zinflate class used by Gunzip/Inflator. The root cause is a malformed handling in the zinflate.cpp Inflator filter, which could disclose data when decompressing input. Public advisories in multiple di...
CVE-2016-3995
Crypto++ (libcryptopp) timing-attack vulnerability CVE-2016-3995 affects Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock prior to version 5.6.4, where the timing-protection code could be optimized out by compilers. This could allow an attacker to perform timing attacks. Th...
Stack overflow
Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based malloca and freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed...
UBUNTU-CVE-2016-9939
Crypto++ aka cryptopp and libcrypto++ 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will b...
CVE-2016-9939
CVE-2016-9939 affects Crypto++ (Crypto++/libcrypto++) 5.6.4, where the ASN.1 BER decoding routine allocates a memory block based on the length field and may zero the memory if contents are insufficient, causing a noticeable delay during the wipe for large allocations. This concrete detail is repe...
FreeBSD : cryptopp -- multiple vulnerabilities (eab68cff-bc0c-11e6-b2ca-001b3856973b)
Multiple sources report : CVE-2015-2141: The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack...
CVE-2016-7420
Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...
CVE-2016-7420
Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...