crypto++

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	A free C++ class library of cryptographic schemes
Version	8.9.0-1 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2528	8.5.0-2	8.6.0-1	Medium	Fixed
AVG-2363	8.5.0-2	8.6.0-1	Medium	Fixed
AVG-1046	8.2.0-1	8.2.0-2	High	Fixed
AVG-288	5.6.5-3	6.0.0-2	Medium	Not affected
AVG-18	5.6.4-2	5.6.5-1	Medium	Fixed	FS#51331

Issue	Group	Severity	Remote	Type	Description
CVE-2021-43398	AVG-2528	Medium	Yes	Private key recovery	Crypto++ 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which...
CVE-2021-40530	AVG-2363	Medium	Yes	Information disclosure	The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain...
CVE-2019-14318	AVG-1046	High	Yes	Private key recovery	A vulnerability has been found in the ECDSA/EdDSA implementation of crypto++ up to 8.2.0, allowing for practical recovery of the long-term private key.
CVE-2017-9434	AVG-288	Medium	Yes	Denial of service	A security issue has been found in crypto++ before 6.0.0 where the Zinflate class, used by classes like Gunzip and Inflator, could perform an out-of-bounds...
CVE-2016-7420	AVG-18	Medium	No	Information disclosure	Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are...

Advisories

Date	Advisory	Group	Severity	Type
06 Dec 2019	ASA-201912-3	AVG-1046	High	private key recovery
12 Oct 2016	ASA-201610-8	AVG-18	Medium	information disclosure