CVE-2016-7420 -- libcrypto++ID: oval:org.secpod.oval:def:2000351 | Date: (C)2019-06-02 (M)2023-10-05 |
Class: VULNERABILITY | Family: unix |
Crypto++ through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump.
Platform: |
Debian 8.x |
Debian 9.x |