Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons.
References
| Link | Resource |
|---|---|
| https://github.com/weidai11/cryptopp/issues/992 | Exploit Issue Tracking Patch Vendor Advisory |
| https://github.com/weidai11/cryptopp/releases/tag/CRYPTOPP_8_4_0 | Release Notes |
| https://github.com/weidai11/cryptopp/issues/992 | Exploit Issue Tracking Patch Vendor Advisory |
| https://github.com/weidai11/cryptopp/releases/tag/CRYPTOPP_8_4_0 | Release Notes |
Configurations
History
21 Nov 2024, 07:33
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/weidai11/cryptopp/issues/992 - Exploit, Issue Tracking, Patch, Vendor Advisory | |
| References | () https://github.com/weidai11/cryptopp/releases/tag/CRYPTOPP_8_4_0 - Release Notes |
26 Aug 2023, 02:21
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:cryptopp:crypto\+\+:*:*:*:*:*:*:*:* | |
| First Time |
Cryptopp
Cryptopp crypto\+\+ |
|
| References | (MISC) https://github.com/weidai11/cryptopp/issues/992 - Exploit, Issue Tracking, Patch, Vendor Advisory | |
| References | (MISC) https://github.com/weidai11/cryptopp/releases/tag/CRYPTOPP_8_4_0 - Release Notes | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| CWE | CWE-787 |
22 Aug 2023, 20:10
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-08-22 19:16
Updated : 2024-11-21 07:33
NVD link : CVE-2022-48570
Mitre link : CVE-2022-48570
CVE.ORG link : CVE-2022-48570
JSON object : View
Products Affected
cryptopp
- crypto\+\+
CWE
CWE-787
Out-of-bounds Write