Main Vulnerability Database Vulnerabilities #VU33072

Information disclosure - CVE-2015-2141

Published: July 1, 2015 / Updated: August 3, 2020

Vulnerability identifier: #VU33072

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-2141

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor:

Affected software:

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack.

How to mitigate CVE-2015-2141

Install update from vendor's website.

Sources

http://lists.opensuse.org/opensuse-updates/2015-07/msg00047.html
http://sourceforge.net/p/cryptopp/code/542/
http://www.debian.org/security/2015/dsa-3296
http://www.securityfocus.com/bid/75467
https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff

Information disclosure - CVE-2015-2141

Detailed vulnerability description

How to mitigate CVE-2015-2141

Sources

Please verify you're human