Cryptopp: >> Crypto++ >> 8.9.0 Security Vulnerabilities
gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-12-18
ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-12-18
Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-12-18