Noloader

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: The issue makes it easier for remote attackers to defeat cryptographic protection mechanisms via a man-in-the-middle attack, as it uses random numbers from an insecure HTTP request to random.org during installation. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Crypto++ versions 5.6.4 **Description** The issue is related to a bug in the ASN.1 BER decoding routine of the library. When the library allocates a memory block based on the length field of the ASN.1 object and there are not enough content octets, the function fails and the memory block is zeroed, even if it's unused. This results in a noticeable delay during the wipe for large allocations. **Recommendations** For version 5.6.4, consider updating to a newer version that contains a fix for this issue, as the current version has a bug in its ASN.1 BER decoding routine that can cause a noticeable delay during memory wipe for large allocations.