Every CVE whose affected-product data names Cryptopp Crypto++, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2016-3995 — CVSS 7.5 (high): The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before…
CVE-2016-7544 — CVSS 7.5 (high): Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align…
CVE-2016-9939 — CVSS 7.5 (high): Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block…
CVE-2022-48570 — CVSS 7.5 (high): Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to…
CVE-2023-50980 — CVSS 7.5 (high): gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data…
CVE-2023-50981 — CVSS 7.5 (high): ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER…
CVE-2021-40530 — CVSS 5.9 (medium): The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic…
CVE-2016-7420 — CVSS 5.9 (medium): Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert…
CVE-2023-50979 — CVSS 5.9 (medium): Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding.
CVE-2019-14318 — CVSS 5.9 (medium): Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to…
CVE-2021-43398 — CVSS 5.3 (medium): Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time…
CVE-2017-9434 — CVSS 5.3 (medium): Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter.