CVE-2016-7420

Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:cryptopp:crypto\+\+:*:*:*:*:*:*:*:*

Information

Published : 2016-09-15 22:59

Updated : 2016-11-28 12:39


NVD link : CVE-2016-7420

Mitre link : CVE-2016-7420


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

cryptopp

  • crypto\+\+