Lucene search
+L

bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons

🗓️ 30 Apr 2026 11:14:58Reported by RedHatType 
redhat
 redhat
🔗 access.redhat.com👁 9 Views

Bouncy Castle Java core FrodoKEM timing channel leaks private keys via non constant time comparisons.

Related
Packages
Refs
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in Bouncy Castle Crypto (CVE-2025-14813, CVE-2026-5598)
21 May 202615:57
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i (CVE-2026-3505, CVE-2025-14813, CVE-2026-0636, CVE-2026-5598, CVE-2026-33671, CVE-2026-33672, CVE-2026-5588, CVE-2026-40175)
8 Jun 202613:55
ibm
IBM Security Bulletins
Security Bulletin: MongoDB Enterprised Advanced affected by: Use of a Broken or Risky Cryptographic Algorithm, Covert Timing Channel (CVE-2025-14813, CVE-2026-5598)
16 Jun 202614:10
ibm
IBM Security Bulletins
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in Bouncy Castle bcprov-jdk (CVE-2025-14813, CVE-2026-5598)
27 May 202614:02
ibm
IBM Security Bulletins
Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions
1 Jul 202617:37
ibm
IBM Security Bulletins
Security Bulletin: IBM® Db2® is affected by vulnerabilities in bcprov-jdk18on-1.82 and bcpkix-jdk18on-1.82.
23 Jun 202619:54
ibm
IBM Security Bulletins
Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by broken or risky algorithm.
17 Jun 202606:42
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability affect cryptography-46.0.5, and bcprov-jdk18on-1.82.jar IBM COS Systems (July 2026)
14 Jul 202615:47
ibm
IBM Security Bulletins
Security Bulletin: IBM ApplinX is vulnerable to multiple vulnerabilities due to the use of Bouncy Castle library (CVE-2023-33202, CVE-2025-8916, CVE-2026-5588, CVE-2025-14813, CVE-2026-5598, CVE-2026-0636)
19 Jun 202608:51
ibm
IBM Security Bulletins
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Bouncy Castle (CVE-2026-0636,CVE-2026-5598,CVE-2026-5588&CVE-2026-3505)
29 Jun 202608:48
ibm
Rows per page
OSOS VersionArchitecturePackagePackage VersionFilename
Red Hat Enterprise Linux7noarcheap7-bouncycastle1.84.0-1.redhat_00001.1.el7eapeap7-bouncycastle-1.84.0-1.redhat_00001.1.el7eap.noarch.rpm
Red Hat Enterprise Linux8noarcheap7-bouncycastle1.84.0-1.redhat_00001.1.el8eapeap7-bouncycastle-1.84.0-1.redhat_00001.1.el8eap.noarch.rpm
Red Hat Enterprise Linux9noarcheap7-bouncycastle1.84.0-1.redhat_00001.1.el9eapeap7-bouncycastle-1.84.0-1.redhat_00001.1.el9eap.noarch.rpm
Red Hat Enterprise Linux7noarcheap7-bouncycastle-mail1.84.0-1.redhat_00001.1.el7eapeap7-bouncycastle-mail-1.84.0-1.redhat_00001.1.el7eap.noarch.rpm
Red Hat Enterprise Linux8noarcheap7-bouncycastle-mail1.84.0-1.redhat_00001.1.el8eapeap7-bouncycastle-mail-1.84.0-1.redhat_00001.1.el8eap.noarch.rpm
Red Hat Enterprise Linux9noarcheap7-bouncycastle-mail1.84.0-1.redhat_00001.1.el9eapeap7-bouncycastle-mail-1.84.0-1.redhat_00001.1.el9eap.noarch.rpm
Red Hat Enterprise Linux7noarcheap7-bouncycastle-pg1.84.0-1.redhat_00001.1.el7eapeap7-bouncycastle-pg-1.84.0-1.redhat_00001.1.el7eap.noarch.rpm
Red Hat Enterprise Linux8noarcheap7-bouncycastle-pg1.84.0-1.redhat_00001.1.el8eapeap7-bouncycastle-pg-1.84.0-1.redhat_00001.1.el8eap.noarch.rpm
Red Hat Enterprise Linux9noarcheap7-bouncycastle-pg1.84.0-1.redhat_00001.1.el9eapeap7-bouncycastle-pg-1.84.0-1.redhat_00001.1.el9eap.noarch.rpm
Red Hat Enterprise Linux7noarcheap7-bouncycastle-pkix1.84.0-1.redhat_00001.1.el7eapeap7-bouncycastle-pkix-1.84.0-1.redhat_00001.1.el7eap.noarch.rpm
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

30 Jun 2026 04:17Current
5.4Medium risk
Vulners AI Score5.4
CVSS 3.17.5
CVSS 49.9
EPSS0.00691
SSVC
9