Lucene search

K
osvGoogleOSV:GHSA-V435-XC8X-WVR9
HistoryMay 14, 2024 - 3:32 p.m.

Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")

2024-05-1415:32:54
Google
osv.dev
12
bouncy castle
java
tls
jsse provider
timing side-channel
rsa key exchange
marvin attack
software

6.4 Medium

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.

6.4 Medium

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%