Vulnerabilities > CVE-2022-48570 - Out-of-bounds Write vulnerability in Cryptopp Crypto++

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

cryptopp

CWE-787

NVD

Published: 2023-08-22

Updated: 2023-08-26

Summary

Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons.

Vulnerable Configurations

Part	Description	Count
Application	Cryptopp Cryptopp Crypto++ 5.0 Cryptopp Crypto++ 5.1 Cryptopp Crypto++ 5.2 Cryptopp Crypto++ 5.2.1 Cryptopp Crypto++ 5.2.3 Cryptopp Crypto++ 5.3.0 Cryptopp Crypto++ 5.4 Cryptopp Crypto++ 5.5 Cryptopp Crypto++ 5.5.1 Cryptopp Crypto++ 5.5.2 Cryptopp Crypto++ 5.6.0 Cryptopp Crypto++ 5.6.1 Cryptopp Crypto++ 5.6.2 Cryptopp Crypto++ 5.6.3 Cryptopp Crypto++ 5.6.4 Cryptopp Crypto++ 5.6.5 Cryptopp Crypto++ 6.0.0 Cryptopp Crypto++ 6.1.0 Cryptopp Crypto++ 7.0.0 Cryptopp Crypto++ 8.0.0 Cryptopp Crypto++ 8.1.0 Cryptopp Crypto++ 8.2.0 Cryptopp Crypto++ 8.3.0 Cryptopp Crypto++ 8.4.0	24

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References