AVG-2528 log
| Package | crypto++ |
| Status | Fixed |
| Severity | Medium |
| Type | private key recovery |
| Affected | 8.5.0-2 |
| Fixed | 8.6.0-1 |
| Current | 8.9.0-1 [extra] |
| Ticket | None |
| Created | Fri Nov 5 10:42:46 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-43398 | Medium | Yes | Private key recovery | Crypto++ 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which... |