CVE-2022-48570
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Aug 22, 2023
Updated: Aug 26, 2023
CWE ID 787
Summary
CVE-2022-48570: A timing side channel vulnerability has been identified in Crypto++ versions up to 8.4 during ECDSA signature generation. This issue stems from the FixedSizeAllocatorWithCleanup function, which may write data outside of its allocation if the memory is not 16-byte aligned. Notably, the fix for a similar issue, CVE-2019-14318, was deliberately removed for functionality reasons. This vulnerability could potentially enable an attacker to extract sensitive information by observing the differences in execution times.