CVE-2024-28285

9.8 CRITICAL

📋 TL;DR

CVE-2024-28285 is a fault injection vulnerability in Crypto++'s ElGamal decryption function that allows a co-resident attacker on the same system to extract sensitive information and potentially escalate privileges. This affects any application using Crypto++ 8.9 for ElGamal decryption. The vulnerability requires local access to the victim's system.

💻 Affected Systems

Products:
  • Crypto++ (Cryptopp)
Versions: 8.9
Operating Systems: All platforms where Crypto++ runs
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the SymmetricDecrypt function in cryptopp/elgamal.h. Applications must be actively performing ElGamal decryption operations.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of encrypted data, privilege escalation to root/system, and lateral movement within the environment.

🟠 Likely Case: Disclosure of sensitive information from memory, potential credential theft, and limited privilege escalation within the affected process context.

🟢 If Mitigated: No impact if proper isolation controls prevent co-residence or if the vulnerable function isn't used.

🌐 Internet-Facing: LOW - Requires local system access, not directly exploitable over network.
🏢 Internal Only: HIGH - Attackers with internal access can exploit this to escalate privileges and access sensitive data.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and the ability to co-reside on the same system as the victim process, and relies on fault injection techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.10 or later

Vendor Advisory: https://github.com/weidai11/cryptopp/security/advisories

Restart Required: Yes

Instructions:

  1. Update Crypto++ library to version 8.10 or later.
  2. Recompile all applications using Crypto++.
  3. Restart affected services.

🔧 Temporary Workarounds

Disable ElGamal Decryption (platform: all)

Remove or disable use of ElGamal decryption in applications. Modify application code to avoid using SymmetricDecrypt from elgamal.h.

Process Isolation (platform: linux)

Run sensitive processes in isolated containers or VMs. Use VM isolation for critical processes.

docker run --security-opt no-new-privileges -it image_name

Do not pass --security-opt seccomp=unconfined: it disables Docker's default syscall filter and weakens the isolation this workaround depends on.

🧯 If You Can't Patch

  • Implement strict process isolation using containers or VMs to prevent co-residence attacks
  • Apply principle of least privilege and run processes with minimal permissions

🔍 How to Verify

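Check if Vulnerable:

Check if the application uses Crypto++ 8.9 and calls SymmetricDecrypt from elgamal.h. Review source code or use ldd/ldconfig to check linked libraries. ldd and ldconfig only show dynamically linked libraries; a statically linked Crypto++ will not appear, so check the build configuration as well.

Check Version:

For Linux: ldd /path/to/application | grep cryptopp
For source: check cryptlib.h version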

Verify Fix Applied:

Verify Crypto++ version is 8.10+ and recompile applications. Test that ElGamal decryption functions correctly without crashes.
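
The source-side check described above can be scripted. The following is an added example, not a script from this page or from the Crypto++ project. It assumes the Crypto++ 8.x headers define CRYPTOPP_MAJOR and CRYPTOPP_MINOR in config_ver.h, and it treats an #include of elgamal.h as a proxy for use of SymmetricDecrypt; the function names and sample files are hypothetical.

```shell
#!/bin/sh
# Added example: static audit for the two conditions named above.
# Assumption: Crypto++ 8.x headers carry CRYPTOPP_MAJOR / CRYPTOPP_MINOR
# in config_ver.h inside the include directory passed as $1.

# Print "MAJOR.MINOR" from a Crypto++ include directory; return 2 if absent.
cryptopp_header_version() {
    hdr="$1/config_ver.h"
    [ -r "$hdr" ] || return 2
    major=$(awk '$1 == "#define" && $2 == "CRYPTOPP_MAJOR" { print $3; exit }' "$hdr")
    minor=$(awk '$1 == "#define" && $2 == "CRYPTOPP_MINOR" { print $3; exit }' "$hdr")
    [ -n "$major" ] && [ -n "$minor" ] || return 2
    printf '%s.%s\n' "$major" "$minor"
}

# List C/C++ files under $1 that #include elgamal.h (any directory prefix).
elgamal_users() {
    find "$1" -type f \( -name '*.cpp' -o -name '*.cc' -o -name '*.cxx' \
        -o -name '*.h' -o -name '*.hpp' \) \
        -exec grep -lE '#[[:space:]]*include[[:space:]]*[<"]([^">]*/)?elgamal\.h[">]' {} + | sort
}

# Verdict line: REVIEW only when the headers are 8.9 AND elgamal.h is included.
audit_cve_2024_28285() {
    ver=$(cryptopp_header_version "$1") || { echo "UNKNOWN: no version macros under $1"; return 0; }
    users=$(elgamal_users "$2")
    if [ "$ver" != "8.9" ]; then
        echo "OK: headers are Crypto++ $ver, not the affected 8.9"
    elif [ -z "$users" ]; then
        echo "OK: Crypto++ 8.9 headers, but no source includes elgamal.h"
    else
        echo "REVIEW: Crypto++ 8.9 and elgamal.h included by:"
        echo "$users"
    fi
}

# Constructed sample tree (not real project files): minor version in $2.
make_sample_tree() {
    mkdir -p "$1/include/cryptopp" "$1/src"
    printf '#define CRYPTOPP_MAJOR 8\n#define CRYPTOPP_MINOR %s\n' "$2" > "$1/include/cryptopp/config_ver.h"
    printf '#include <cryptopp/elgamal.h>\n' > "$1/src/decrypt.cpp"
    printf '#include <cryptopp/sha.h>\n' > "$1/src/hash.cpp"
}

# Usage: sh audit.sh /usr/include/cryptopp /path/to/app/src
if [ "$#" -eq 2 ]; then audit_cve_2024_28285 "$1" "$2"; fi
```

A REVIEW verdict means the source still needs a manual look for calls into ElGamal decryption; an OK verdict on headers says nothing about a different Crypto++ copy linked at build time.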

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes during decryption operations
  • Memory access violations in Crypto++ processes

Network Indicators:

  • None - local attack only

SIEM Query:

Process monitoring for fault injection tools or unexpected access to Crypto++ process memory
