Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cryptopp vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2023-50979
Crypto++ (aka cryptopp) up to and including 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding.
Cryptopp Crypto++
7.5
CVSSv3
CVE-2023-50981
ModularSquareRoot in Crypto++ (aka cryptopp) up to and including 8.9.0 allows malicious users to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.
Cryptopp Crypto++
5.9
CVSSv3
CVE-2019-14318
Crypto++ 8.3.0 and previous versions contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar...
Cryptopp Crypto++
1 Github repository
5.9
CVSSv3
CVE-2016-7420
Crypto++ (aka cryptopp) up to and including 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent malicious users to obtain sensitive information by l...
Cryptopp Crypto++
5.3
CVSSv3
CVE-2017-9434
Crypto++ (aka cryptopp) up to and including 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter.
Cryptopp Crypto++
7.5
CVSSv3
CVE-2016-3995
The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) prior to 5.6.4 may be optimized out by the compiler, which allows malicious users to conduct timing attacks.
Cryptopp Crypto++
5.3
CVSSv3
CVE-2021-43398
Crypto++ (aka Cryptopp) 8.6.0 and previous versions contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow malicious users ...
Cryptopp Crypto++
7.5
CVSSv3
CVE-2023-50980
gf2n.cpp in Crypto++ (aka cryptopp) up to and including 8.9.0 allows malicious users to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing.
Cryptopp Crypto++
7.5
CVSSv3
CVE-2022-48570
Crypto++ up to and including 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-1431...
Cryptopp Crypto++
7.5
CVSSv3
CVE-2016-7544
Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed.
Cryptopp Crypto++ 5.6.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »