Known Vulnerabilities for products from Cryptopp

Listed below are 10 of the newest known vulnerabilities associated with the vendor "Cryptopp".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2022-48570 json Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup cou... 7.5 - HIGH 2023-08-22 2023-08-26
CVE-2021-43398 json Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between ... 5.3 - MEDIUM 2021-11-04 2023-11-07
CVE-2021-40530 json The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptogr... 5.9 - MEDIUM 2021-09-06 2023-11-07
CVE-2019-14318 json Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attack... 5.9 - MEDIUM 2019-07-30 2019-08-20
CVE-2017-9434 json Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter. 5.3 - MEDIUM 2017-06-05 2023-11-07
CVE-2016-9939 json Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a ... Not Provided 2017-01-30 2025-04-20
CVE-2016-7544 json Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of me... Not Provided 2017-01-30 2025-04-20
CVE-2016-7420 json Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the ma... Not Provided 2016-09-16 2026-05-06
CVE-2016-3995 json The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryp... Not Provided 2017-02-13 2025-04-20
CVE-2015-2141 json The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operati... Not Provided 2015-07-01 2026-05-06

Known software with vulnerabilities from Cryptopp

Type Vendor Product Version
ApplicationCryptoppCrypto 5.0
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report