CVE-2021-43398 |
AVG-2528 |
Medium |
Yes |
Private key recovery |
Crypto++ 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which... |
CVE-2021-40530 |
AVG-2363 |
Medium |
Yes |
Information disclosure |
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain... |
CVE-2019-14318 |
AVG-1046 |
High |
Yes |
Private key recovery |
A vulnerability has been found in the ECDSA/EdDSA implementation of crypto++ up to 8.2.0, allowing for practical recovery of the long-term private key. |
CVE-2017-9434 |
AVG-288 |
Medium |
Yes |
Denial of service |
A security issue has been found in crypto++ before 6.0.0 where the Zinflate class, used by classes like Gunzip and Inflator, could perform an out-of-bounds... |
CVE-2016-7420 |
AVG-18 |
Medium |
No |
Information disclosure |
Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are... |