pkg:maven/BouncyCastle
Type
maven
Name
BouncyCastle
Known advisories, vulnerabilities and fixes for BouncyCastle package.
Moderate
4
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | < 1.8.7 |
CVE-2020-15522
|
 MAVEN:GHSA-6XX3-RG99-GC3P
|
Timing based private key exposure in Bouncy Castle | moderate |
2021-08-13T15:22:31
(3 years ago) |
|
| Fixed | = 1.8.7 |
CVE-2020-15522
|
MAVEN:GHSA-6XX3-RG99-GC3P
|
Timing based private key exposure in Bouncy Castle | moderate |
2021-08-13T15:22:31
(3 years ago) |
|
| Affected | < 2.3.1 |
CVE-2024-29857
|
MAVEN:GHSA-8XFC-GM6G-VGPV
|
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. | moderate |
2024-05-14T15:32:54
(3 months ago) |
|
| Affected | < 2.3.1 |
CVE-2024-30172
|
MAVEN:GHSA-M44J-CFRM-G8QC
|
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop | moderate |
2024-05-14T15:32:54
(3 months ago) |
|
| Affected | < 2.3.1 |
CVE-2024-30171
|
MAVEN:GHSA-V435-XC8X-WVR9
|
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") | moderate |
2024-05-14T15:32:54
(3 months ago) |