[MAVEN:GHSA-XQJ7-J8J5-F2XR] Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator
Severity
High
Affected Packages
2
Fixed Packages
2
CVEs
1
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.
| Package | Affected Version |
|---|---|
 pkg:maven/org.bouncycastle/bcprov-jdk15
|
< 1.60 |
|
pkg:maven/org.bouncycastle/bcprov-jdk14
|
< 1.60 |
| Package | Fixed Version |
|---|---|
|
pkg:maven/org.bouncycastle/bcprov-jdk15
|
= 1.60 |
|
pkg:maven/org.bouncycastle/bcprov-jdk14
|
= 1.60 |
- ID
- MAVEN:GHSA-XQJ7-J8J5-F2XR
- Severity
- high
- URL
- https://github.com/advisories/GHSA-xqj7-j8j5-f2xr
- Published
-
2018-10-16T17:44:39
(6 years ago) - Modified
-
2023-02-01T05:04:07
(19 months ago) - Rights
- Maven Security Team
- Other Advisories
DSA-4233-1
FEDORA-2018-ceced55c5e
FREEBSD:FE93803C-883F-11E8-9F0C-001B216D295B| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.bouncycastle/bcprov-jdk15 | org.bouncycastle |
bcprov-jdk15
|
< 1.60 | |||
| Fixed | pkg:maven/org.bouncycastle/bcprov-jdk15 | org.bouncycastle |
bcprov-jdk15
|
= 1.60 | |||
| Affected | pkg:maven/org.bouncycastle/bcprov-jdk14 | org.bouncycastle |
bcprov-jdk14
|
< 1.60 | |||
| Fixed | pkg:maven/org.bouncycastle/bcprov-jdk14 | org.bouncycastle |
bcprov-jdk14
|
= 1.60 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |