Vulnerabilities > Cryptopp > Crypto > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-50979 | Information Exposure Through Discrepancy vulnerability in Cryptopp Crypto++ Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding. | 5.9 |
| 2021-11-04 | CVE-2021-43398 | Information Exposure Through Discrepancy vulnerability in Cryptopp Crypto++ Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). | 5.3 |
| 2021-09-06 | CVE-2021-40530 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | 5.9 |
| 2019-07-30 | CVE-2019-14318 | Channel and Path Errors vulnerability in Cryptopp Crypto++ Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. | 4.3 |
| 2017-06-05 | CVE-2017-9434 | Out-of-bounds Read vulnerability in Cryptopp Crypto++ Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter. | 5.3 |
| 2017-02-13 | CVE-2016-3995 | Information Exposure vulnerability in Cryptopp Crypto++ The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows attackers to conduct timing attacks. | 5.0 |
| 2017-01-30 | CVE-2016-7544 | Resource Management Errors vulnerability in Cryptopp Crypto++ 5.6.4 Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. | 5.0 |
| 2016-09-16 | CVE-2016-7420 | Information Exposure vulnerability in Cryptopp Crypto++ Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump. | 5.9 |