CVE-2016-3995 — Sensitive Information Exposure in Crypto
Severity
7.5HIGHNVD
EPSS
1.0%
top 22.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 13
Latest updateMay 17
Description
The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows attackers to conduct timing attacks.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages2 packages
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-rfvf-996j-mmvf: The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5↗2022-05-17
OSV▶
CVE-2016-3995: The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5↗2017-02-13
📋Vendor Advisories
2💬Community
5Bugzilla▶
CVE-2016-2123 samba: NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability (ZDI-CAN-3995)↗2016-11-08