1. Home
  2. Security Advisories
  3. Maven
  4. MAVEN:GHSA-R9CH-M4FH-FC7Q

[MAVEN:GHSA-R9CH-M4FH-FC7Q] Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15

Severity Moderate
Affected Packages 2
Fixed Packages 2
CVEs 1
Info Packages References Vulnerabilities

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.

Package Affected Version
pkg:maven/org.bouncycastle/bcprov-jdk15 < 1.56
pkg:maven/org.bouncycastle/bcprov-jdk14 < 1.56
Package Fixed Version
pkg:maven/org.bouncycastle/bcprov-jdk15 = 1.56
pkg:maven/org.bouncycastle/bcprov-jdk14 = 1.56
ID
MAVEN:GHSA-R9CH-M4FH-FC7Q
Severity
moderate
URL
https://github.com/advisories/GHSA-r9ch-m4fh-fc7q
Published
2018-10-17T16:24:00
(6 years ago)
Modified
2023-01-09T05:03:25
(20 months ago)
Rights
Maven Security Team
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.bouncycastle/bcprov-jdk15 org.bouncycastle bcprov-jdk15 < 1.56
Fixed pkg:maven/org.bouncycastle/bcprov-jdk15 org.bouncycastle bcprov-jdk15 = 1.56
Affected pkg:maven/org.bouncycastle/bcprov-jdk14 org.bouncycastle bcprov-jdk14 < 1.56
Fixed pkg:maven/org.bouncycastle/bcprov-jdk14 org.bouncycastle bcprov-jdk14 = 1.56
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date