Page 2 of 13 results (0.007 seconds)

CVSS: 7.5EPSS: 5%CPEs: 2EXPL: 0

30 Jan 2017 — Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation. Crypto ++ (también conocido como cryptopp y libcrypto ++) 5.6.4 contenía un error en su rutina de decodificación ASN... • http://www.debian.org/security/2016/dsa-3748 • CWE-20: Improper Input Validation •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

16 Sep 2016 — Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump. Crypto++ (también conocido como cryptopp) hasta la versión 5.6.4 no documenta el requisito para una definición NDEBUG de tiempo de compilación desh... • http://www.openwall.com/lists/oss-security/2016/09/15/12 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

29 Jun 2015 — The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack. La función InvertibleRWFunction::CalculateInverse en rw.cpp en libcrypt++ 5.6.2 no ciega correctamente las operaciones de claves privadas para el algoritmo de la firma digital Rabin-Williams, lo que permite a atacantes remotos obtener claves privadas a trav... • http://lists.opensuse.org/opensuse-updates/2015-07/msg00047.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •