CVE-2020-15522 – bouncycastle: Timing issue within the EC math library
https://notcve.org/view.php?id=CVE-2020-15522
Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures. Bouncy Castle BC Java versiones anteriores a 1.66, BC C # .NET versiones anteriores a 1.8.7, BC-FJA versiones anteriores a 1.0.1.2, 1.0.2.1 y BC-FNA versiones anteriores a 1.0.1.1, presentan un problema de sincronización dentro de la biblioteca EC math que puede exponer información sobre la clave privada cuando un atacante es capaz de observar información de sincronización para la generación de múltiples firmas ECDSA deterministas A flaw was found in bouncycastle. A timing issue within the EC math library can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures. • https://github.com/bcgit/bc-csharp/wiki/CVE-2020-15522 https://github.com/bcgit/bc-java/wiki/CVE-2020-15522 https://security.netapp.com/advisory/ntap-20210622-0007 https://www.bouncycastle.org/releasenotes.html https://access.redhat.com/security/cve/CVE-2020-15522 https://bugzilla.redhat.com/show_bug.cgi?id=1962879 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2020-26939
https://notcve.org/view.php?id=CVE-2020-26939
In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption. En Legion of the Bouncy Castle BC versiones anteriores a 1.61 y BC-FJA versiones anteriores a 1.0.1.2, los atacantes pueden obtener información confidencial sobre un exponente privado debido a las diferencias observables en el comportamiento de las entradas de error. Esto se presenta en org.bouncycastle.crypto.encodings.OAEPEncoding. • https://github.com/bcgit/bc-java/wiki/CVE-2020-26939 https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E • CWE-203: Observable Discrepancy •
CVE-2018-1000180 – bouncycastle: flaw in the low-level interface to RSA key pair generator
https://notcve.org/view.php?id=CVE-2018-1000180
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 y anteriores tiene un vulnerabilidad en la interfaz de bajo nivel del generador de claves RSA; específicamente, los pares de claves RSA generados en la API de bajo nivel con un valor certainty añadido pueden tener menos tests M-R de lo esperado. Parece que se ha resuelto en versiones BC 1.60 beta 4 y posteriores y BC-FJA 1.0.2 y posteriores. A vulnerability was found in BouncyCastle. • http://www.securityfocus.com/bid/106567 https://access.redhat.com/errata/RHSA-2018:2423 https://access.redhat.com/errata/RHSA-2018:2424 https://access.redhat.com/errata/RHSA-2018:2425 https://access.redhat.com/errata/RHSA-2018:2428 https://access.redhat.com/errata/RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2018:2669 https://access.redhat.com/errata/RHSA-2019:0877 https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad https://github.com/bcgit/ • CWE-325: Missing Cryptographic Step CWE-327: Use of a Broken or Risky Cryptographic Algorithm •