VulnerableCode Package Details - pkg:deb/debian/libcrypto%2B%2B@8.4.0-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
VCID-4azj-gnk2-bfee Aliases: CVE-2021-40530	information disclosure	8.6.0-1 Affected by 0 other vulnerabilities. 8.7.0+git220824-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.9.0-2 Affected by 0 other vulnerabilities.
VCID-cq4a-bah8-nbfg Aliases: CVE-2023-50980	gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing.	8.9.0-2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4azj-gnk2-bfee
Aliases:
CVE-2021-40530

information disclosure

8.6.0-1
Affected by 0 other vulnerabilities.

8.7.0+git220824-1
Affected by 1 other vulnerability.

8.9.0-2
Affected by 0 other vulnerabilities.

VCID-cq4a-bah8-nbfg
Aliases:
CVE-2023-50980

gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing.

8.9.0-2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1rzn-y6tv-fybt	security update	CVE-2016-9939
VCID-6nfn-dzeh-d3av	Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed.	CVE-2016-7544
VCID-8kst-qb5s-uycd	denial of service	CVE-2017-9434
VCID-mxpy-4eyq-h3ep	private key recovery	CVE-2019-14318
VCID-sj7w-zbub-5yaz	The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows attackers to conduct timing attacks.	CVE-2016-3995
VCID-w94h-6497-3bbb	security update	CVE-2015-2141

Vulnerability

Summary

Aliases

VCID-1rzn-y6tv-fybt

security update

CVE-2016-9939

VCID-6nfn-dzeh-d3av

Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed.

CVE-2016-7544

VCID-8kst-qb5s-uycd

denial of service

CVE-2017-9434

VCID-mxpy-4eyq-h3ep

private key recovery

CVE-2019-14318

VCID-sj7w-zbub-5yaz

The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows attackers to conduct timing attacks.

CVE-2016-3995

VCID-w94h-6497-3bbb

security update

CVE-2015-2141

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-29T16:56:17.673736+00:00	Debian Importer	Affected by	VCID-cq4a-bah8-nbfg	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T16:56:17.633638+00:00	Debian Importer	Affected by	VCID-4azj-gnk2-bfee	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T16:56:17.620604+00:00	Debian Importer	Fixing	VCID-mxpy-4eyq-h3ep	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T16:56:17.601361+00:00	Debian Importer	Fixing	VCID-8kst-qb5s-uycd	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T16:56:17.579328+00:00	Debian Importer	Fixing	VCID-1rzn-y6tv-fybt	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T16:56:17.559809+00:00	Debian Importer	Fixing	VCID-6nfn-dzeh-d3av	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T16:56:17.536236+00:00	Debian Importer	Fixing	VCID-sj7w-zbub-5yaz	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T16:56:17.516974+00:00	Debian Importer	Fixing	VCID-w94h-6497-3bbb	https://security-tracker.debian.org/tracker/data/json	38.6.0