Cryptopp Crypto++ 8.6.0

CPE Details

Cryptopp Crypto++ 8.6.0
cryptopp
crypto\+\+
8.6.0
2021-11-05
12h19 +00:00
2021-11-09
19h36 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:cryptopp:crypto\+\+:8.6.0:*:*:*:*:*:*:*

Informations

Vendor

cryptopp

Product

crypto\+\+

Version

8.6.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-50979 2023-12-17 23h00 +00:00 Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding.
5.9
Medium
CVE-2023-50980 2023-12-17 23h00 +00:00 gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing.
7.5
High
CVE-2023-50981 2023-12-17 23h00 +00:00 ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.
7.5
High
CVE-2021-43398 2021-11-04 19h06 +00:00 Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks. NOTE: this report is disputed by the vendor and multiple third parties. The execution-time differences are intentional. A user may make a choice of a longer key as a tradeoff between strength and performance. In making this choice, the amount of information leaked to an adversary is of infinitesimal value
5.3
Medium