Fluid Attacks Database

Description

The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	libcrypto++	>=0 <5.6.1-7	5.6.1-7
debian 14	libcrypto++	>=0 <5.6.1-7	5.6.1-7
debian 11	libcrypto++	>=0 <5.6.1-7	5.6.1-7
debian 13	libcrypto++	>=0 <5.6.1-7	5.6.1-7

Aliases

1. CVE-2015-21412. NVD-2015-21413. OSV-DEBIAN-2015-21414. OSV-2015-21415. SECURITY-TRACKER-CVE-2015-2141

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.