CVE-2015-2141

Published: 01 July 2015

The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack.

Priority

Medium

Status

Package: libcrypto++ (Launchpad, Ubuntu, Debian)

Release status:
Upstream: Released (5.6.1-7)
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (5.6.1-7)
Ubuntu 14.04 ESM (Trusty Tahr): Released (5.6.1-6+deb8u1build0.14.04.1)

Patches:
Upstream: https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff