CVE-2023-50979Observable Discrepancy in Crypto

CWE-203Observable Discrepancy5 documents5 sources
Severity
5.9MEDIUMNVD
EPSS
0.1%
top 80.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cryptopp CryptoDebian Libcrypto
Timeline
PublishedDec 18
Latest updateDec 27

Description

Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDcryptopp/crypto8.9.0

🔴Vulnerability Details

2
GHSA
GHSA-w7rq-556w-c7gg: Crypto++ (aka cryptopp) through 82023-12-27
OSV
CVE-2023-50979: Crypto++ (aka cryptopp) through 82023-12-18

📋Vendor Advisories

1
Debian
CVE-2023-50979: libcrypto++ - Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryptio...2023

💬Community

1
Bugzilla
TRIAGE CVE-2023-50979 cryptopp: side-channel leakage during decryption with PKCS#1v1.5 padding (Marvin) [epel-all]2023-12-18
CVE-2023-50979 — Observable Discrepancy in Crypto | cvebase