DEBIAN-CVE-2022-48570

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2022-48570

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-48570.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-48570

Upstream

CVE-2022-48570

Published

2023-08-22T19:16:32Z

Modified

2025-09-18T05:19:13Z

Summary

[none]

Details

Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons.

References

https://security-tracker.debian.org/tracker/CVE-2022-48570

Affected packages

Debian:11 / libcrypto++

Package

Name: libcrypto++
Purl: pkg:deb/debian/libcrypto%2B%2B?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libcrypto++

Package

Name: libcrypto++
Purl: pkg:deb/debian/libcrypto%2B%2B?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libcrypto++

Package

Name: libcrypto++
Purl: pkg:deb/debian/libcrypto%2B%2B?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / libcrypto++

Package

Name: libcrypto++
Purl: pkg:deb/debian/libcrypto%2B%2B?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}