Page 3 of 13 results (0.008 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed. Crypto ++ 5.6.4 utiliza incorrectamente las funciones basadas en pila _malloca y _freea de Microsoft. La biblioteca solicitará un bloqueo de memoria para alinear una tabla en la memoria. • http://www.openwall.com/lists/oss-security/2016/09/23/5 http://www.openwall.com/lists/oss-security/2016/09/23/9 http://www.securityfocus.com/bid/93164 https://github.com/weidai11/cryptopp/issues/302 https://www.cryptopp.com/release565.html • CWE-399: Resource Management Errors •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump. Crypto++ (también conocido como cryptopp) hasta la versión 5.6.4 no documenta el requisito para una definición NDEBUG de tiempo de compilación deshabilitando las múltiples llamadas assert que son no intencionadas en uso de producción, lo que podría permitir a atacantes dependientes del contexto obtener información sensible aprovechando acceso a la memoria de procesamiento después de un fallo de aserción, según lo demostrado mediante la lectura de un volcado de memoria. • http://www.openwall.com/lists/oss-security/2016/09/15/12 http://www.openwall.com/lists/oss-security/2016/09/16/1 http://www.openwall.com/lists/oss-security/2023/09/28/2 http://www.openwall.com/lists/oss-security/2023/09/28/4 http://www.securityfocus.com/bid/92988 https://github.com/weidai11/cryptopp/commit/553049ba297d89d9e8fbf2204acb40a8a53f5cd6 https://github.com/weidai11/cryptopp/issues/277 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack. La función InvertibleRWFunction::CalculateInverse en rw.cpp en libcrypt++ 5.6.2 no ciega correctamente las operaciones de claves privadas para el algoritmo de la firma digital Rabin-Williams, lo que permite a atacantes remotos obtener claves privadas a través de un ataque de tiempos. • http://lists.opensuse.org/opensuse-updates/2015-07/msg00047.html http://sourceforge.net/p/cryptopp/code/542 http://www.debian.org/security/2015/dsa-3296 http://www.securityfocus.com/bid/75467 https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •