CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
72.4%
Package : libcrypto++
Version : 5.6.0-6+deb6u1
CVE ID : CVE-2015-2141
Evgeny Sidorov discovered that libcrypto++, a general purpose C++
cryptographic library, did not properly implement blinding to mask
private key operations for the Rabin-Williams digital signature
algorithm. This could allow remote attackers to mount a timing attack
and retrieve the user's private key.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | ia64 | libcrypto++-utils | < 5.6.1-6+deb7u1 | libcrypto++-utils_5.6.1-6+deb7u1_ia64.deb |
Debian | 7 | kfreebsd-i386 | libcrypto++-utils | < 5.6.1-6+deb7u1 | libcrypto++-utils_5.6.1-6+deb7u1_kfreebsd-i386.deb |
Debian | 8 | s390x | libcrypto++9-dbg | < 5.6.1-6+deb8u1 | libcrypto++9-dbg_5.6.1-6+deb8u1_s390x.deb |
Debian | 8 | s390x | libcrypto++-dev | < 5.6.1-6+deb8u1 | libcrypto++-dev_5.6.1-6+deb8u1_s390x.deb |
Debian | 7 | s390 | libcrypto++-utils | < 5.6.1-6+deb7u1 | libcrypto++-utils_5.6.1-6+deb7u1_s390.deb |
Debian | 6 | amd64 | libcrypto++8 | < 5.6.0-6+deb6u1 | libcrypto++8_5.6.0-6+deb6u1_amd64.deb |
Debian | 8 | kfreebsd-amd64 | libcrypto++-dev | < 5.6.1-6+deb8u1 | libcrypto++-dev_5.6.1-6+deb8u1_kfreebsd-amd64.deb |
Debian | 7 | kfreebsd-i386 | libcrypto++9-dbg | < 5.6.1-6+deb7u1 | libcrypto++9-dbg_5.6.1-6+deb7u1_kfreebsd-i386.deb |
Debian | 8 | arm64 | libcrypto++-dev | < 5.6.1-6+deb8u1 | libcrypto++-dev_5.6.1-6+deb8u1_arm64.deb |
Debian | 8 | ppc64el | libcrypto++-utils | < 5.6.1-6+deb8u1 | libcrypto++-utils_5.6.1-6+deb8u1_ppc64el.deb |