CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-45146
https://notcve.org/view.php?id=CVE-2022-45146
21 Nov 2022 — An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11. Se descubrió un problema en la API FIPS Java de Bouncy Castl... • https://github.com/bcgit/bc-java/wiki/CVE-2022-45146 • CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2020-15522 – bouncycastle: Timing issue within the EC math library
https://notcve.org/view.php?id=CVE-2020-15522
20 May 2021 — Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures. Bouncy Castle BC Java versiones anteriores a 1.66, BC C # .NET versiones anteriores a 1.8.7, BC-FJA versiones anteriores a 1.0.1.2, 1.0.2.1 y BC-FNA versiones anteriores a 1.0.1.1... • https://github.com/bcgit/bc-csharp/wiki/CVE-2020-15522 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26939
https://notcve.org/view.php?id=CVE-2020-26939
02 Nov 2020 — In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.... • https://github.com/bcgit/bc-java/wiki/CVE-2020-26939 • CWE-203: Observable Discrepancy •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2018-1000180 – bouncycastle: flaw in the low-level interface to RSA key pair generator
https://notcve.org/view.php?id=CVE-2018-1000180
05 Jun 2018 — Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 y anteriores tiene un vulnerabilidad en la interfaz de bajo nivel del generador de claves RSA; específicamente, los par... • http://www.securityfocus.com/bid/106567 • CWE-325: Missing Cryptographic Step CWE-327: Use of a Broken or Risky Cryptographic Algorithm •