{"id":"CVE-2016-7420","details":"Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump.","modified":"2026-04-16T06:25:36.239402656Z","published":"2016-09-16T05:59:15.427Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/11/14/5"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2023/09/28/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2023/09/28/4"},{"type":"WEB","url":"http://www.securityfocus.com/bid/92988"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/09/15/12"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/09/16/1"},{"type":"FIX","url":"https://github.com/weidai11/cryptopp/commit/553049ba297d89d9e8fbf2204acb40a8a53f5cd6"},{"type":"FIX","url":"https://github.com/weidai11/cryptopp/issues/277"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/weidai11/cryptopp","events":[{"introduced":"0"},{"last_affected":"4132d85888ac6c30729f58bb442a4a26a5b16cfe"},{"fixed":"553049ba297d89d9e8fbf2204acb40a8a53f5cd6"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.6.4"}]}}],"versions":["CRYPTOPP_5_0","CRYPTOPP_5_1","CRYPTOPP_5_2","CRYPTOPP_5_2_1","CRYPTOPP_5_2_3","CRYPTOPP_5_3_0","CRYPTOPP_5_4","CRYPTOPP_5_5","CRYPTOPP_5_5_1","CRYPTOPP_5_5_2","CRYPTOPP_5_6_0","CRYPTOPP_5_6_1","CRYPTOPP_5_6_2","CRYPTOPP_5_6_3","CRYPTOPP_5_6_4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7420.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}