Known Vulnerabilities for products from Cryptopp
Listed below are 10 of the newest known vulnerabilities associated with the vendor "Cryptopp".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-48570 json | Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup cou... | 7.5 - HIGH | 2023-08-22 | 2023-08-26 |
| CVE-2021-43398 json | Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between ... | 5.3 - MEDIUM | 2021-11-04 | 2023-11-07 |
| CVE-2021-40530 json | The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptogr... | 5.9 - MEDIUM | 2021-09-06 | 2023-11-07 |
| CVE-2019-14318 json | Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attack... | 5.9 - MEDIUM | 2019-07-30 | 2019-08-20 |
| CVE-2017-9434 json | Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter. | 5.3 - MEDIUM | 2017-06-05 | 2023-11-07 |
| CVE-2016-9939 json | Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a ... | 7.5 - HIGH | 2017-01-30 | 2023-11-07 |
| CVE-2016-7544 json | Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of me... | 7.5 - HIGH | 2017-01-30 | 2017-02-07 |
| CVE-2016-7420 json | Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the ma... | 5.9 - MEDIUM | 2016-09-16 | 2023-09-28 |
| CVE-2016-3995 json | The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryp... | 7.5 - HIGH | 2017-02-13 | 2017-03-03 |
| CVE-2015-2141 json | The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operati... | 5 - MEDIUM | 2015-07-01 | 2018-10-30 |
Known software with vulnerabilities from Cryptopp
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Cryptopp | Crypto | 5.0 |