crypto++

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A free C++ class library of cryptographic schemes
Version 8.2.0-2 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1046 8.2.0-1 8.2.0-2 High Fixed
AVG-288 5.6.5-3 6.0.0-2 Medium Not affected
AVG-18 5.6.4-2 5.6.5-1 Medium Fixed FS#51331
Issue Group Severity Remote Type Description
CVE-2019-14318 AVG-1046 High Yes Private key recovery
A vulnerability has been found in the ECDSA/EdDSA implementation of crypto++ up to 8.2.0, allowing for practical recovery of the long-term private key.
CVE-2017-9434 AVG-288 Medium Yes Denial of service
A security issue has been found in crypto++ before 6.0.0 where the Zinflate class, used by classes like Gunzip and Inflator, could perform an out-of-bounds...
CVE-2016-7420 AVG-18 Medium No Information disclosure
Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are...

Advisories

Date Advisory Group Severity Description
06 Dec 2019 ASA-201912-3 AVG-1046 High private key recovery
12 Oct 2016 ASA-201610-8 AVG-18 Medium information disclosure