---

CVE-2016-7420 - log back

CVE-2016-7420 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Local
Type	+ Information disclosure
Description	+ Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump.
References
Notes