4 matches found
CVE-2016-9939
CVE-2016-9939 affects Crypto++ (Crypto++/libcrypto++) 5.6.4, where the ASN.1 BER decoding routine allocates a memory block based on the length field and may zero the memory if contents are insufficient, causing a noticeable delay during the wipe for large allocations. This concrete detail is repe...
CVE-2017-9434
CVE-2017-9434 affects Crypto++ (cryptopp) up to version 5.6.5, with an out-of-bounds read in the Zinflate class used by Gunzip/Inflator. The root cause is a malformed handling in the zinflate.cpp Inflator filter, which could disclose data when decompressing input. Public advisories in multiple di...
CVE-2016-3995
Crypto++ (libcryptopp) timing-attack vulnerability CVE-2016-3995 affects Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock prior to version 5.6.4, where the timing-protection code could be optimized out by compilers. This could allow an attacker to perform timing attacks. Th...
CVE-2016-7544
Crypto++ 5.6.4 is affected: it relies on Microsoft stack-based _malloca/_freea to align a table, and if the table is realloc’d the wrong pointer could be freed. This can impact memory management and may affect availability as described in CVE-2016-7544. Connected records show a Fedora update upgr...