56241 matches found
org.bouncycastle:bcmail-debug-jdk14 (>=1.81 <=1.83) potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-debug-jdk14 (>=1.81 <=1.83)
org.bouncycastle:bcpkix-debug-jdk14 MAVEN version =1.81, =1.81, =1.83 Source cves: CVE-2026-5588 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075255...
io.github.compyoot:utilities-and-generic-tools (=0.3.11), org.scala-sbt.ivy:ivy (>=2.3.0-sbt-1b57d3bbc08ecf671169fd548918da18c91f77be <=2.3.0-sbt-fbc4f586aeeb1591710b14eb4f41b94880dcd745) potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk14 (=1.45)
org.bouncycastle:bcpg-jdk14 MAVEN version =1.45 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bcpg-jdk14 and may be impacted: - io.github.compyoot:utilities-and-generic-tools =0.3.11 - org.scala-sbt.ivy:ivy...
io.github.epi155:promethium-pgp-jdk5 (=0.5-B1), io.github.hWorblehat:nexus3-external-auth-plugin (=0.1.0) +220 more potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk15to18 (>=1.65 <=1.82)
org.bouncycastle:bcpg-jdk15to18 MAVEN version =1.65, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-beta3, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.10.0 and more Source cves: CVE-2026-3505 Source advisory:...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...
CVE-2026-3505
Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...
CVE-2026-3505 Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.
Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...
CVE-2026-3505
Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...
CVE-2026-3505
CVE-2026-3505 describes an Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle BC-JAVA bcpg modules. The issue affects the BC-JAVA package (all pg modules) and is tied to specific code paths including AEADEncDataPacket.java, BcAEADUtil.java, JceAEADUtil.java, and Operat...
CVE-2026-3505 Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.
Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...
CVE-2026-5588 PKIX draft CompositeVerifier accepts empty signature sequence as valid.
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All pkix modules, Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All pkix modules. This vulnerability...
CVE-2026-5588
CVE-2026-5588 is a PKIX validation flaw in the Bouncy Castle libraries (BC-JAVA, BCPKIX-FIPS, BCPIX-LTS) where CompositeVerifier could accept an empty signature sequence. Affects BC-JAVA 1.67–1.83 (fixed in 1.84); BCPKIX-FIPS 2.0.6–2.0.10 (fixed in 2.0.11) and 2.1.7–2.1.10 (fixed in 2.1.11); BCPI...
CVE-2026-5588
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All pkix modules, Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All pkix modules. This vulnerability...
CVE-2026-5588
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All pkix modules, Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All pkix modules. This vulnerability...
CVE-2026-5588 PKIX draft CompositeVerifier accepts empty signature sequence as valid.
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All pkix modules, Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All pkix modules. This vulnerability...
CVE-2026-5598
Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.80.1, from 1.82 before 1.84...
CVE-2026-5598 Non-constant time comparisons risk private key leakage in FrodoKEM.
Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84...
CVE-2026-5598
Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84...
CVE-2026-5598 Non-constant time comparisons risk private key leakage in FrodoKEM.
Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84...
CVE-2026-5598
CVE-2026-5598 affects BC-JAVA (Legion of the BC) where non-constant time comparisons in FrodoKEM can create a covert timing channel that risks private-key leakage. Affected line: BC-JAVA from 2.17.3 before 1.84. The issue is rated as CRITICAL (CVSSv4-like metrics shown: NETWORK, LOW ATTACK, no us...