[MAVEN:GHSA-XQJ7-J8J5-F2XR] Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator
Severity
High
Affected Packages
2
Fixed Packages
2
CVEs
1
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.
Package | Affected Version |
---|---|
pkg:maven/org.bouncycastle/bcprov-jdk15 | < 1.60 |
pkg:maven/org.bouncycastle/bcprov-jdk14 | < 1.60 |
Package | Fixed Version |
---|---|
pkg:maven/org.bouncycastle/bcprov-jdk15 | = 1.60 |
pkg:maven/org.bouncycastle/bcprov-jdk14 | = 1.60 |
- ID
- MAVEN:GHSA-XQJ7-J8J5-F2XR
- Severity
- high
- URL
- https://github.com/advisories/GHSA-xqj7-j8j5-f2xr
- Published
-
2018-10-16T17:44:39
(6 years ago) - Modified
-
2023-02-01T05:04:07
(19 months ago) - Rights
- Maven Security Team
- Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.bouncycastle/bcprov-jdk15 | org.bouncycastle | bcprov-jdk15 | < 1.60 | |||
Fixed | pkg:maven/org.bouncycastle/bcprov-jdk15 | org.bouncycastle | bcprov-jdk15 | = 1.60 | |||
Affected | pkg:maven/org.bouncycastle/bcprov-jdk14 | org.bouncycastle | bcprov-jdk14 | < 1.60 | |||
Fixed | pkg:maven/org.bouncycastle/bcprov-jdk14 | org.bouncycastle | bcprov-jdk14 | = 1.60 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |