Jeffrey Walton

3 exploits Active since Jul 2015
CVE-2015-2141 WRITEUP WRITEUP
Cryptopp Crypto++ Library - Information Disclosure
The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack.
CVE-2016-7420 WRITEUP MEDIUM WRITEUP
Crypto++ < 5.6.4 - Exposure of Sensitive Information via Assertion Failure
Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump.
CVSS 5.9
CVE-2017-9434 WRITEUP MEDIUM WRITEUP
Crypto++ < 5.6.4 - Out-of-bounds Read in Inflator Filter
Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter.
CVSS 5.3