Описание
Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support |
| devel | ignored | compiled with -NDEBUG |
| esm-apps/bionic | ignored | compiled with -NDEBUG |
| esm-apps/xenial | ignored | compiled with -NDEBUG |
| esm-infra-legacy/trusty | ignored | compiled with -NDEBUG |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | ignored | end of standard support |
| trusty/esm | ignored | end of ESM support, was ignored [compiled with -NDEBUG] |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump.
Crypto++ (aka cryptopp) through 5.6.4 does not document the requiremen ...
Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump.
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3