PT-2024-22380 · Unknown +2 · Cryptopp Crypto++ +2

Junkai Liang +3 · Published 2024-05-13 · Updated 2025-10-13 · CVE-2024-28285

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cryptopp Crypto++ version 8.9

Description

A fault injection issue in the SymmetricDecrypt function, located in cryptopp/elgamal.h, allows an attacker who is co-resident on the same system as a victim process to disclose information and escalate privileges.

Recommendations

For Cryptopp Crypto++ version 8.9, consider disabling the SymmetricDecrypt function in cryptopp/elgamal.h as a temporary workaround to minimize the risk of exploitation. Restrict access to sensitive information and processes to prevent privilege escalation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Generation of Error Message Containing Sensitive Information
Improper Authorization

Related Identifiers

BDU:2026-00297
CVE-2024-28285
OPENSUSE-SU-2025:15627-1
SUSE-SU-2025:01816-1
SUSE-SU-2025:01939-1
SUSE-SU-2025_01816-1
SUSE-SU-2025_01939-1

Affected Products

Cryptopp Crypto++
Debian
Suse