RSS   Vulnerabilities for 'Crypto\+\+'   RSS

2021-11-04
 
CVE-2021-43398

CWE-203
 

 
Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks.

 
2021-09-06
 
CVE-2021-40530

CWE-327
 

 
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

 

 >>> Vendor: Cryptopp 3 Products
Crypto++ library
Crypto++
Crypto\+\+


Copyright 2024, cxsecurity.com

 

Back to Top