Crypto++ Security Vulnerabilities and Issues — Crypto++ CVE List

Lucene search

CryptoppCrypto++

4 matches found

CVE•added 2023/08/22 7:16 p.m.•40 views

CVE-2022-48570

Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed...

7.5CVSS5.8AI score0.02374EPSS

CVE•added 2023/12/18 4:15 a.m.•34 views

CVE-2023-50980

gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing.

7.5CVSS7.2AI score0.00101EPSS

CVE•added 2023/12/18 4:15 a.m.•29 views

CVE-2023-50981

ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.

7.5CVSS7.2AI score0.00076EPSS

CVE•added 2023/12/18 4:15 a.m.•27 views

CVE-2023-50979

Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding.

5.9CVSS5.7AI score0.00101EPSS