Description
The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack.
References (5)
Core 5
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3296
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75467
Product x_refsource_confirm
http://sourceforge.net/p/cryptopp/code/542/
Patch x_refsource_confirm
https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-07/msg00047.html
Scores
EPSS
0.0040
EPSS Percentile
60.9%
Details
CWE
CWE-200
Status
published
Products (3)
cryptopp/crypto\+\+_library
5.6.2
opensuse/opensuse
13.1
opensuse/opensuse
13.2
Published
Jul 01, 2015
Tracked Since
Feb 18, 2026