Vulnerabilities > Cryptopp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-30 | CVE-2016-7544 | Resource Management Errors vulnerability in Cryptopp Crypto++ 5.6.4 Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. | 5.0 |
2016-09-16 | CVE-2016-7420 | Information Exposure vulnerability in Cryptopp Crypto++ Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump. | 5.9 |
2015-07-01 | CVE-2015-2141 | Information Exposure vulnerability in multiple products The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack. | 5.0 |