← voltar
CVE-2022-48570

CVE-2022-48570

EPSS 0.8%
Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/weidai11/cryptopp/issues/992https://github.com/weidai11/cryptopp/releases/tag/CRYPTOPP_8_4_0