crypto++

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A free C++ class library of cryptographic schemes
Version 8.9.0-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2528 8.5.0-2 8.6.0-1 Medium Fixed
AVG-2363 8.5.0-2 8.6.0-1 Medium Fixed
AVG-1046 8.2.0-1 8.2.0-2 High Fixed
AVG-288 5.6.5-3 6.0.0-2 Medium Not affected
AVG-18 5.6.4-2 5.6.5-1 Medium Fixed FS#51331
Issue Group Severity Remote Type Description
CVE-2021-43398 AVG-2528 Medium Yes Private key recovery
Crypto++ 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which...
CVE-2021-40530 AVG-2363 Medium Yes Information disclosure
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain...
CVE-2019-14318 AVG-1046 High Yes Private key recovery
A vulnerability has been found in the ECDSA/EdDSA implementation of crypto++ up to 8.2.0, allowing for practical recovery of the long-term private key.
CVE-2017-9434 AVG-288 Medium Yes Denial of service
A security issue has been found in crypto++ before 6.0.0 where the Zinflate class, used by classes like Gunzip and Inflator, could perform an out-of-bounds...
CVE-2016-7420 AVG-18 Medium No Information disclosure
Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are...

Advisories

Date Advisory Group Severity Type
06 Dec 2019 ASA-201912-3 AVG-1046 High private key recovery
12 Oct 2016 ASA-201610-8 AVG-18 Medium information disclosure