Crypto++ Security Vulnerabilities and Issues — Crypto++ CVE List

Lucene search

CryptoppCrypto++

4 matches found

CVE•added 2017/01/30 9:59 p.m.•122 views

CVE-2016-9939

Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will b...

7.5CVSS7.4AI score0.05919EPSS

CVE•added 2017/06/05 2:29 p.m.•84 views

CVE-2017-9434

Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter.

5.3CVSS5.3AI score0.00472EPSS

CVE•added 2017/01/30 9:59 p.m.•40 views

CVE-2016-7544

Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed.

7.5CVSS7.3AI score0.02823EPSS

CVE•added 2017/02/13 6:59 p.m.•37 views

CVE-2016-3995

The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows attackers to conduct timing attacks.

7.5CVSS7.2AI score0.01025EPSS