CVE-2015-2141

EPSS 0.40%

libcrypto++ - security update

Published: 7/1/2015Modified: 4/28/2026

Also known as:DEBIAN-CVE-2015-2141

Description

The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack.

Affected packages (3)

Debian/libcrypto++from 0, < 5.6.1-7
Debian/libcrypto++from 0, < 5.6.0-6+deb6u1
Debian/libcrypto++from 0, < 5.6.1-6+deb7u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-2141