CVE-2016-7420 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Information disclosure
Description	Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-18	crypto++	5.6.4-2	5.6.5-1	Medium	Fixed	FS#51331

Date	Advisory	Group	Package	Severity	Type
12 Oct 2016	ASA-201610-8	AVG-18	crypto++	Medium	information disclosure