9 matches found
EUVD-2018-0572
Malware in sbrugna...
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak...
Bouncy Castle JCE Provider AESFastEngine and AESEngine Information Disclosure Vulnerabilities
Bouncy Castle JCE Provider is a Java-based encryption package . AESFastEngine and AESEngine are among the encryption engines. A security vulnerability exists in AESFastEngine and AESEngine in Bouncy Castle JCE Provider 1.55 and earlier versions. An attacker could exploit this vulnerability to...
CVE-2016-1000339
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak...
CVE-2016-1000339
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak...
UBUNTU-CVE-2016-1000339
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak...
PT-2018-4633 · Bouncy Castle +3 · Bouncy Castle Jce Provider +3
Name of the Vulnerable Software and Affected Versions: Bouncy Castle JCE Provider versions 1.55 and earlier Description: The issue is related to the AES algorithm implementation in the Bouncy Castle JCE Provider. Specifically, the AESFastEngine class used in versions 1.55 and earlier has a highly...
CVE-2016-1000339
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak...
Side Channel Leakage
bouncycastle is vulnerable to side channel leakages. The library uses large static lookup tables in AESFastEngine mode, meaning where data accessed by the CPU can be observed, it is possible for a malicious user to gain information about the key used to initialize the cipher...