Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

bouncycastle bouncy castle for java vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv2
CVE-2020-15522
Bouncy Castle BC Java prior to 1.66, BC C# .NET prior to 1.8.7, BC-FJA prior to 1.0.1.2, 1.0.2.1, and BC-FNA prior to 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information fo...
Bouncycastle Bc-csharpBouncycastle Bouncy Castle Fips .net ApiBouncycastle Legion-of-the-bouncy-castle-fips-java-apiBouncycastle The Bouncy Castle Crypto Package For Java
4
CVSSv2
CVE-2013-1624
The TLS implementation in the Bouncy Castle Java library prior to 1.48 and C# library prior to 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote malicious users to c...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.12Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.11Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.20Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.17Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.04Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.03Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.08Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.07Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.06Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.16Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.13Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.23Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.24Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.32Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.31Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.43Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.44Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.02Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.01Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.05Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.19Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.14
NA
CVE-2023-33202
Bouncy Castle for Java prior to 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a...
Bouncycastle Bouncy Castle For Java
4.3
CVSSv2
CVE-2017-13098
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a ...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api
5.8
CVSSv2
CVE-2016-1000352
In the Bouncy Castle JCE Provider version 1.55 and previous versions the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api
5.8
CVSSv2
CVE-2016-1000344
In the Bouncy Castle JCE Provider version 1.55 and previous versions the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api
4.3
CVSSv2
CVE-2016-1000345
In the Bouncy Castle JCE Provider version 1.55 and previous versions the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryptio...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-apiDebian Debian Linux 8.0
3.6
CVSSv2
CVE-2018-5382
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an malicious user to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore gener...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-apiRedhat Satellite 6.4Redhat Satellite Capsule 6.4
4.3
CVSSv2
CVE-2016-2427
The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for malicious users to defeat a cryptographic protection mechanism and discover an authentication key via a crafted applicati...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.54Google Android 5.1.0Google Android 6.0.1Google Android 6.0Google Android 5.0.1Google Android 5.0Google Android 5.1
NA
CVE-2023-33201
Bouncy Castle For Java prior to 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the cert...
Bouncycastle Bc-java
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook