CVE-2019-14318 log

Source
Severity High
Remote Yes
Type Private key recovery
Description
A vulnerability has been found in the ECDSA/EdDSA implementation of crypto++ up to 8.2.0, allowing for practical recovery of the long-term private key.
Group Package Affected Fixed Severity Status Ticket
AVG-1046 crypto++ 8.2.0-1 8.2.0-2 High Fixed
Date Advisory Group Package Severity Type
06 Dec 2019 ASA-201912-3 AVG-1046 crypto++ High private key recovery
References
https://seclists.org/oss-sec/2019/q4/3
https://minerva.crocs.fi.muni.cz/
https://github.com/weidai11/cryptopp/issues/869
https://github.com/weidai11/cryptopp/pull/870/commits/80c59bcdb251043f27eef95a4f31224c4615c3ec
https://github.com/weidai11/cryptopp/commit/c9ef9420e762