Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks. NOTE: this report is disputed by the vendor and multiple third parties. The execution-time differences are intentional. A user may make a choice of a longer key as a tradeoff between strength and performance. In making this choice, the amount of information leaked to an adversary is of infinitesimal value
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Crypto++ 安全漏洞
Vulnerability Description
Crypto++是一款C++加密方法类库 Crypto++(又名Cryptopp) 8.6.0及更早版本存在安全漏洞,该漏洞源于软件在MakePublicKey()中包含一个计时泄漏。私钥执行时间与私钥长度存在明显的相关性,可能导致私钥长度信息的泄露。这可能允许攻击者可利用该漏洞进行计时攻击。
CVSS Information
N/A
Vulnerability Type
N/A