CVE-2023-50981
https://notcve.org/view.php?id=CVE-2023-50981
ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853. ModularSquareRoot en Crypto++ (también conocido como cryptopp) hasta 8.9.0 permite a los atacantes provocar una denegación de servicio (bucle infinito) a través de datos de clave pública DER manipulada asociada con números impares al cuadrado, como el cuadrado de 268995137513890432434389773128616504853. • https://github.com/weidai11/cryptopp/issues/1249 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2023-50979
https://notcve.org/view.php?id=CVE-2023-50979
Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding. Crypto++ (también conocido como cryptopp) hasta 8.9.0 tiene un canal lateral de Marvin durante el descifrado con relleno PKCS#1 v1.5. • https://github.com/weidai11/cryptopp/issues/1247 • CWE-203: Observable Discrepancy •
CVE-2023-50980
https://notcve.org/view.php?id=CVE-2023-50980
gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing. gf2n.cpp en Crypto++ (también conocido como cryptopp) hasta la versión 8.9.0 permite a los atacantes provocar una denegación de servicio (caída de la aplicación) a través de datos de clave pública DER para una curva F(2^m), si el grado de cada término en el polinomio no es estrictamente decreciente. • https://github.com/weidai11/cryptopp/issues/1248 •
CVE-2022-48570
https://notcve.org/view.php?id=CVE-2022-48570
Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons. • https://github.com/weidai11/cryptopp/issues/992 https://github.com/weidai11/cryptopp/releases/tag/CRYPTOPP_8_4_0 • CWE-787: Out-of-bounds Write •
CVE-2021-43398
https://notcve.org/view.php?id=CVE-2021-43398
Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks. NOTE: this report is disputed by the vendor and multiple third parties. The execution-time differences are intentional. • https://cryptopp.com https://github.com/weidai11/cryptopp/issues/1080 https://github.com/weidai11/cryptopp/issues/1080#issuecomment-996492222 • CWE-203: Observable Discrepancy •