Lucene search
+L

4 matches found

CVE
CVE
added 2017/01/30 9:0 p.m.139 views

CVE-2016-9939

CVE-2016-9939 affects Crypto++ (Crypto++/libcrypto++) 5.6.4, where the ASN.1 BER decoding routine allocates a memory block based on the length field and may zero the memory if contents are insufficient, causing a noticeable delay during the wipe for large allocations. This concrete detail is repe...

7.5CVSS7.4AI score0.04202EPSS
CVE
CVE
added 2017/06/05 2:0 p.m.97 views

CVE-2017-9434

CVE-2017-9434 affects Crypto++ (cryptopp) up to version 5.6.5, with an out-of-bounds read in the Zinflate class used by Gunzip/Inflator. The root cause is a malformed handling in the zinflate.cpp Inflator filter, which could disclose data when decompressing input. Public advisories in multiple di...

5.3CVSS5.3AI score0.01369EPSS
CVE
CVE
added 2017/02/13 6:0 p.m.54 views

CVE-2016-3995

Crypto++ (libcryptopp) timing-attack vulnerability CVE-2016-3995 affects Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock prior to version 5.6.4, where the timing-protection code could be optimized out by compilers. This could allow an attacker to perform timing attacks. Th...

7.5CVSS7.2AI score0.01858EPSS
CVE
CVE
added 2017/01/30 9:0 p.m.51 views

CVE-2016-7544

Crypto++ 5.6.4 is affected: it relies on Microsoft stack-based _malloca/_freea to align a table, and if the table is realloc’d the wrong pointer could be freed. This can impact memory management and may affect availability as described in CVE-2016-7544. Connected records show a Fedora update upgr...

7.5CVSS7.3AI score0.02735EPSS