9 matches found
CVE-2025-14813 GOSTCTR implementation unable to process more than 255 blocks correctly
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is associated with program files G3413CTRBlockCipher. This issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81 before 1.81.1, from 1.82...
Out-of-bounds Write
Overview: Affected versions of this package are vulnerable to Out-of-bounds Write via the JCE Cipher.doFinal function in org/bouncycastle/jcajce/provider/BaseCipher when the same byte array is used for both input and output during native encrypt or decrypt operations. An attacker can cause data...
Allocation of Resources Without Limits or Throttling
Overview: org.bouncycastle:bcprov-jdk15on is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attack...
bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)
A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS1 1.5 and OAEP decryption process a.k.a. Marvin Attack. An attacker can recover cipher-texts via a side-channe...
SUSE CVE-2024-30172
An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...
Security Bulletin: IBM Security Verify Privilege On-Premise is affected by multiple security vulnerabilities
Summary: IBM Security Verify Privilege On-Premise has addressed several security issues. Please apply the fix as detailed below. Vulnerability Details: CVEID: CVE-2022-43891. DESCRIPTION: IBM Security Verify Privilege On-Premises could allow a remote attacker to obtain sensitive information when a...
K05909237: BouncyCastle Java crypto vulnerability CVE-2017-13098
Security Advisory Description: BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private...
ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), am.ik.home:uaa-server (>=1.0.0 <=1.2.0) +1386 more potentially affected by CVE-2018-5382 via org.bouncycastle:bcprov-jdk15on (>=1.46 <=1.49)
org.bouncycastle:bcprov-jdk15on MAVEN version =1.46, =1.0.1, =1.0.0, =1.1.7, =1.1.9, =1.0.0, =2.0.7, =3.6.1, =3.11.0, =3.19.0 and more. Source CVEs: CVE-2018-5382. Source advisory: OSV:GHSA-8477-3V39-GGPM...
OpenJDK: insufficient hardening of RSA-CRT implementation (JCE, 8071726)
It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures...