Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cryptopp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-28285
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an malicious user to co-reside in the same system with a victim process to disclose information and escalate privileges.
NA
CVE-2023-50979
Crypto++ (aka cryptopp) up to and including 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding.
Cryptopp Crypto++
NA
CVE-2023-50980
gf2n.cpp in Crypto++ (aka cryptopp) up to and including 8.9.0 allows malicious users to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing.
Cryptopp Crypto++
NA
CVE-2023-50981
ModularSquareRoot in Crypto++ (aka cryptopp) up to and including 8.9.0 allows malicious users to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.
Cryptopp Crypto++
NA
CVE-2022-48570
Crypto++ up to and including 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-1431...
Cryptopp Crypto++
445
VMScore
CVE-2021-43398
Crypto++ (aka Cryptopp) 8.6.0 and previous versions contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow malicious users ...
Cryptopp Crypto++
231
VMScore
CVE-2021-40530
The ElGamal implementation in Crypto++ up to and including 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver&...
Cryptopp Crypto++
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
383
VMScore
CVE-2019-14318
Crypto++ 8.3.0 and previous versions contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar...
Cryptopp Crypto++
1 Github repository
448
VMScore
CVE-2017-9434
Crypto++ (aka cryptopp) up to and including 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter.
Cryptopp Crypto++
668
VMScore
CVE-2013-7459
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote malicious users to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
Dlitz Pycrypto
Fedoraproject Fedora 25
Fedoraproject Fedora 24
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »