CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

RedHat Linux•added 2026/05/18 12:12 p.m.•9 views

bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy ...

9.9CVSS5.8AI score0.00022EPSS

Exploits0References5

RedHat Linux•added 2026/04/30 11:14 a.m.•4 views

bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons

9.9CVSS5.4AI score0.00022EPSS

Exploits0References5

RedHat Linux•added 2026/04/30 11:9 a.m.•3 views

bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons

9.9CVSS5.4AI score0.00022EPSS

Exploits0References5

OSV•added 2026/04/15 10:16 a.m.•2 views

DEBIAN-CVE-2026-5598

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.80.1, from 1.82 before 1.84...

9.9CVSS5.8AI score0.00022EPSS

Exploits0References1

CVE•added 2026/04/15 9:5 a.m.•7 views

CVE-2026-5598

CVE-2026-5598 affects BC-JAVA (Legion of the BC) where non-constant time comparisons in FrodoKEM can create a covert timing channel that risks private-key leakage. Affected line: BC-JAVA from 2.17.3 before 1.84. The issue is rated as CRITICAL (CVSSv4-like metrics shown: NETWORK, LOW ATTACK, no us...

9.9CVSS5.8AI score0.00022EPSS

Exploits0References3

Debian CVE•added 2026/04/15 9:5 a.m.•3 views

CVE-2026-5598

9.9CVSS5.8AI score0.00022EPSS

Exploits0

Vulnrichment•added 2026/04/15 9:5 a.m.•0 views

CVE-2026-5598 Non-constant time comparisons risk private key leakage in FrodoKEM.

9.9CVSS5.8AI score0.00022EPSS

Exploits0References3

CNNVD•added 2026/04/15 12:0 a.m.•4 views

Bouncy Castle Java 安全漏洞

Bouncy Castle Java is an open-source encryption algorithm developed by Legion of the Bouncy Castle Inc. There were security vulnerabilities in Bouncy Castle Java versions from 2.17.3 to 1.84. These vulnerabilities stemmed from non-constant time comparisons, which could lead to the exposure of the...

9.9CVSS7.1AI score0.00022EPSS

Exploits0References5

Packet Storm News•added 2025/08/07 12:0 a.m.•1 views

A Comparative Performance Evaluation of Kyber, Sntrup761, and FrodoKEM for Post-Quantum Cryptography

Post-quantum cryptography PQC aims to develop cryptographic algorithms that are secure against attacks from quantum computers. This paper compares the leading postquantum cryptographic algorithms, such as Kyber, sntrup761, and FrodoKEM, in terms of their security, performance, and real-world...

6.9AI score

Exploits0

SUSE CVE•added 2025/02/14 7:2 a.m.•1 views

SUSE CVE-2023-1732

When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...

5.3CVSS7.7AI score0.00415EPSS

Exploits0References3

OSV•added 2023/05/24 3:32 p.m.•25 views

GO-2023-1765 Leaked shared secret and weak blinding in github.com/cloudflare/circl

8.2CVSS6.2AI score0.00415EPSS

Exploits0References2

Veracode•added 2023/05/12 9:49 a.m.•18 views

Insecure Randomness

github.com/cloudflare/circl is vulnerable to Insecure Randomness. Kyber and FrodoKEM did not check whether crypto/rand.Read returned an error, leading to a predictable shared secret. The tkn20 and blindrsa components did not check if enough randomness was returned from the user provided randomnes...

8.2CVSS6.2AI score0.00415EPSS

Exploits0References3Affected Software1

OSV•added 2023/05/11 8:40 p.m.•21 views

GHSA-2Q89-485C-9J2X Improper random reading in CIRCL

Impact When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did...

5.3CVSS6.2AI score0.00415EPSS

Exploits0References5

Github Security Blog•added 2023/05/11 8:40 p.m.•18 views

Improper random reading in CIRCL

8.2CVSS7.8AI score0.00415EPSS

Exploits0References5Affected Software1

OSV•added 2023/05/10 12:15 p.m.•17 views

CVE-2023-1732

8.2CVSS7AI score

Exploits0References1

NVD•added 2023/05/10 12:15 p.m.•9 views

CVE-2023-1732

8.2CVSS6.4AI score0.00415EPSS

Exploits0References1

Prion•added 2023/05/10 12:15 p.m.•30 views

Design/Logic Flaw

6.4CVSS8AI score0.00415EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2023/05/10 11:41 a.m.•8 views

CVE-2023-1732 Improper random reading in CIRCL

5.3CVSS8.1AI score0.00415EPSS

Exploits0References1

CVE•added 2023/05/10 11:41 a.m.•415 views

CVE-2023-1732

CVE-2023-1732 concerns CIRCL (Cloudflare’s Go cryptographic library) where the randomness sampling for Kyber and FrodoKEM did not verify that crypto/rand.Read() succeeded. In rare deployments, Read() could return an error, making the generated shared secret potentially predictable. Additional iss...

8.2CVSS6.3AI score0.00415EPSS

Exploits0References1Affected Software1

Cvelist•added 2023/05/10 11:41 a.m.•14 views

CVE-2023-1732 Improper random reading in CIRCL

5.3CVSS8.3AI score0.00415EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by