crypto++ - Arch Linux
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2528 | 8.5.0-2 | Medium | Vulnerable | ||
| AVG-2363 | 8.5.0-2 | Medium | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-43398 | AVG-2528 | Medium | Yes | Private key recovery | Crypto++ 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which... |
| CVE-2021-40530 | AVG-2363 | Medium | Yes | Information disclosure | The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1046 | 8.2.0-1 | 8.2.0-2 | High | Fixed | |
| AVG-288 | 5.6.5-3 | 6.0.0-2 | Medium | Not affected | |
| AVG-18 | 5.6.4-2 | 5.6.5-1 | Medium | Fixed | FS#51331 |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-14318 | AVG-1046 | High | Yes | Private key recovery | A vulnerability has been found in the ECDSA/EdDSA implementation of crypto++ up to 8.2.0, allowing for practical recovery of the long-term private key. |
| CVE-2017-9434 | AVG-288 | Medium | Yes | Denial of service | A security issue has been found in crypto++ before 6.0.0 where the Zinflate class, used by classes like Gunzip and Inflator, could perform an out-of-bounds... |
| CVE-2016-7420 | AVG-18 | Medium | No | Information disclosure | Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 06 Dec 2019 | ASA-201912-3 | AVG-1046 | High | private key recovery |
| 12 Oct 2016 | ASA-201610-8 | AVG-18 | Medium | information disclosure |