Lucene search
K

19 matches found

RedHat Linux
RedHat Linux
added 2026/05/18 12:24 p.m.15 views

bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy ...

9.9CVSS5.8AI score0.00691EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/18 12:21 p.m.14 views

bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy ...

9.9CVSS5.8AI score0.00691EPSS
Exploits0References5
Atlassian
Atlassian
added 2026/05/11 11:29 p.m.26 views

Covert timing channel vulnerability at Bouncy Castle dependency at Crucible Server

This High severity Covert timing channel vulnerability was introduced in version 4.9.0 of Crucible Server. Atlassian recommends that Crucible Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Crucible Da...

9.9CVSS5.8AI score0.00691EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2026/04/28 11:10 a.m.9 views

Security update for bouncycastle

This update for bouncycastle fixes the following issues: Update to version 1.84. Security issues fixed: CVE-2025-14813: GOSTCTR implementation unable to process more than 255 blocks correctly bsc1262225. CVE-2026-0636: LDAP injection in LDAPStoreHelper.java leads to information disclosure...

8.8CVSS5.7AI score0.00758EPSS
Exploits0References20
OSV
OSV
added 2026/04/24 3:54 p.m.5 views

SUSE-SU-2026:21404-1 Security update for bouncycastle

This update for bouncycastle fixes the following issues: - Update to version 1.84: - CVE-2025-14813: GOSTCTR implementation unable to process more than 255 blocks correctly bsc1262225. - CVE-2026-0636: LDAP Injection Vulnerability in LDAPStoreHelper.java bsc1262226. - CVE-2026-3505: Unbounded PGP...

9.9CVSS5.8AI score0.00758EPSS
Exploits0References11
OSV
OSV
added 2026/04/24 3:26 p.m.12 views

OPENSUSE-SU-2026:20627-1 Security update for bouncycastle

This update for bouncycastle fixes the following issues: - Update to version 1.84: - CVE-2025-14813: GOSTCTR implementation unable to process more than 255 blocks correctly bsc1262225. - CVE-2026-0636: LDAP Injection Vulnerability in LDAPStoreHelper.java bsc1262226. - CVE-2026-3505: Unbounded PGP...

9.9CVSS5.3AI score0.00758EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/04/17 9:3 p.m.6 views

CVE-2026-5598

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy ...

9.9CVSS5.8AI score0.00691EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/17 6:31 p.m.6 views

EUVD-2026-22872

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. Non-constant time comparisons risk private key leakage in FrodoKEM. This issue affects BC-JAVA: from 2.17.3 before 1.84...

10CVSS5.8AI score0.00691EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/17 12:4 p.m.10 views

SUSE CVE-2026-5598

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84...

8.6CVSS7.2AI score0.00691EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.23 views

Linux Distros Unpatched Vulnerability : CVE-2026-5598

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files...

9.9CVSS7.2AI score0.00691EPSS
Exploits0References3
NVD
NVD
added 2026/04/15 10:16 a.m.5 views

CVE-2026-5598

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84...

9.9CVSS0.00691EPSS
Exploits0References11
Snyk
Snyk
added 2026/04/15 10:13 a.m.5 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...

9.9CVSS5.7AI score0.00691EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/15 10:13 a.m.4 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...

9.9CVSS5.7AI score0.00691EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/15 10:13 a.m.7 views

Timing Attack

Overview org.bouncycastle:bcprov-jdk15to18 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values ...

9.9CVSS5.7AI score0.00691EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/15 10:13 a.m.4 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...

9.9CVSS5.7AI score0.00691EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/15 9:5 a.m.4 views

CVE-2026-5598

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.80.1, from 1.82 before 1.84...

9.9CVSS5.8AI score0.00691EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/04/15 9:5 a.m.36 views

CVE-2026-5598 Non-constant time comparisons risk private key leakage in FrodoKEM.

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84...

9.9CVSS0.00691EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.7 views

PT-2026-33032

Name of the Vulnerable Software and Affected Versions BC-JAVA versions 1.71 through 1.83 Description A covert timing channel exists in the BC-JAVA core modules, specifically associated with the program files FrodoEngine.Java. A covert timing channel is a method of transferring information from on...

9.9CVSS6.3AI score0.00691EPSS
Exploits0References134
Packet Storm News
Packet Storm News
added 2025/12/25 12:0 a.m.5 views

A Statistical Side-Channel Risk Model for Timing Variability in Lattice-Based Post-Quantum Cryptography

Timing side-channels are an important threat to cryptography that still needs to be addressed in implementations, and the advent of post-quantum cryptography raises this issue because the lattice-based schemes may produce secret-dependent timing variability with the help of complex arithmetic and...

6.9AI score
Exploits0
Rows per page
Query Builder