CVE-2022-48570

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 22, 2023
Updated: Aug 26, 2023
CWE ID 787

Summary

CVE-2022-48570: A timing side channel vulnerability has been identified in Crypto++ versions up to 8.4 during ECDSA signature generation. This issue stems from the FixedSizeAllocatorWithCleanup function, which may write data outside of its allocation if the memory is not 16-byte aligned. Notably, the fix for a similar issue, CVE-2019-14318, was deliberately removed for functionality reasons. This vulnerability could potentially enable an attacker to extract sensitive information by observing the differences in execution times.
