Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bouncycastle vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2023-33202
Bouncy Castle for Java prior to 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a...
Bouncycastle Bouncy Castle For Java
5.5
CVSSv3
CVE-2022-45146
An issue exists in the FIPS Java API of Bouncy Castle BC-FJA prior to 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by t...
Bouncycastle Fips Java Api
5.5
CVSSv3
CVE-2016-2427
The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for malicious users to defeat a cryptographic protection mechanism and discover an authentication key via a crafted applicati...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.54
Google Android 5.1.0
Google Android 6.0.1
Google Android 6.0
Google Android 5.0.1
Google Android 5.0
Google Android 5.1
5.3
CVSSv3
CVE-2023-33201
Bouncy Castle For Java prior to 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the cert...
Bouncycastle Bc-java
5.3
CVSSv3
CVE-2020-26939
In Legion of the Bouncy Castle BC prior to 1.61 and BC-FJA prior to 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending i...
Bouncycastle Legion-of-the-bouncy-castle-fips-java-api
Bouncycastle Legion-of-the-bouncy-castle
1 Github repository
5.3
CVSSv3
CVE-2019-0379
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check
Sap Process Integration 2.0
Sap Process Integration 1.0
2 Articles
4.4
CVSSv3
CVE-2018-5382
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an malicious user to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore gener...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api
Redhat Satellite 6.4
Redhat Satellite Capsule 6.4
3.7
CVSSv3
CVE-2016-1000346
In the Bouncy Castle JCE Provider version 1.55 and previous versions the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of rel...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api
Debian Debian Linux 8.0
NA
CVE-2024-30171
An issue exists in Bouncy Castle Java TLS API and JSSE Provider prior to 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
NA
CVE-2024-30172
An issue exists in Bouncy Castle Java Cryptography APIs prior to 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »