CVE-2021-43398 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Private key recovery |
Description | Crypto++ 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-2528 | crypto++ | 8.5.0-2 | 8.6.0-1 | Medium | Fixed |
References |
---|
https://github.com/weidai11/cryptopp/issues/1080 |