Fluid Attacks Database

Description

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate privileges.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 11	libcrypto++	=8.4.0-1 \|\| =8.5.0-1 \|\| =8.6.0-1 \|\| =8.6.0-2 \|\| =8.6.0-3 \|\| =8.7.0+git220824-1 \|\| =8.7.0-1 \|\| =8.8.0-1 \|\| =8.8.0-2 \|\| =8.9.0-1 \|\| =8.9.0-1.1 \|\| =8.9.0-1.1~exp1 \|\| =8.9.0-2
debian 12	libcrypto++	=8.7.0+git220824-1 \|\| =8.8.0-1 \|\| =8.8.0-2 \|\| =8.9.0-1 \|\| =8.9.0-1.1 \|\| =8.9.0-1.1~exp1 \|\| =8.9.0-2
debian 13	libcrypto++	=8.9.0-2
debian 14	libcrypto++	=8.9.0-2

Aliases

1. CVE-2024-282852. NVD-2024-282853. OSV-DEBIAN-2024-282854. OSV-2024-282855. SECURITY-TRACKER-CVE-2024-28285

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.