CVE-2022-48570

Published: Aug 22, 2023

Modified: Oct 3, 2024

PUBLISHED

Description

Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/weidai11/cryptopp/releases/tag/CRYPTOPP_8_4_0

https://github.com/weidai11/cryptopp/issues/992

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-48570

Description

Affected Products

References