Vulnerabilities > Cryptopp

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-50979 Information Exposure Through Discrepancy vulnerability in Cryptopp Crypto++
Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding.
network
high complexity
cryptopp CWE-203
5.9
2023-12-18 CVE-2023-50980 Unspecified vulnerability in Cryptopp Crypto++
gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing.
network
low complexity
cryptopp
7.5
2023-12-18 CVE-2023-50981 Infinite Loop vulnerability in Cryptopp Crypto++
ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.
network
low complexity
cryptopp CWE-835
7.5
2023-08-22 CVE-2022-48570 Out-of-bounds Write vulnerability in Cryptopp Crypto++
Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation.
network
low complexity
cryptopp CWE-787
7.5
2021-11-04 CVE-2021-43398 Information Exposure Through Discrepancy vulnerability in Cryptopp Crypto++
Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey().
network
low complexity
cryptopp CWE-203
5.3
2021-09-06 CVE-2021-40530 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
network
high complexity
cryptopp fedoraproject CWE-327
5.9
2019-07-30 CVE-2019-14318 Channel and Path Errors vulnerability in Cryptopp Crypto++
Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation.
network
high complexity
cryptopp CWE-417
5.9
2017-06-05 CVE-2017-9434 Out-of-bounds Read vulnerability in Cryptopp Crypto++
Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter.
network
low complexity
cryptopp CWE-125
5.3
2017-02-13 CVE-2016-3995 Information Exposure vulnerability in Cryptopp Crypto++
The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows attackers to conduct timing attacks.
network
low complexity
cryptopp CWE-200
7.5
2017-01-30 CVE-2016-9939 Improper Input Validation vulnerability in multiple products
Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine.
network
low complexity
cryptopp debian CWE-20
7.5