Published: 02/11/2020 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

In Legion of the Bouncy Castle BC prior to 1.61 and BC-FJA prior to 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bouncycastle legion-of-the-bouncy-castle-fips-java-api
bouncycastle legion-of-the-bouncy-castle

The Box SDK for Java.

Box Java SDK The Box Java SDK for interacting with the Box Content API Latest Release Latest release can be found here Upgrades You can read about how to migrate to the 4 version here Versions We use a modified version of Semantic Versioning for all changes See version strategy for details which is effective from 30 July 2022 Supported Version Only the current MAJOR v

CWE-203 https://github.com/bcgit/bc-java/wiki/CVE-2020-26939 https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E https://nvd.nist.gov https://github.com/box/box-java-sdk

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-26939

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect