AVG-2528 log
Package | crypto++ |
Status | Fixed |
Severity | Medium |
Type | private key recovery |
Affected | 8.5.0-2 |
Fixed | 8.6.0-1 |
Current | 8.9.0-1 [extra] |
Ticket | None |
Created | Fri Nov 5 10:42:46 2021 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2021-43398 | Medium | Yes | Private key recovery | Crypto++ 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which... |