2 matches found
CVE-2023-33201
CVE-2023-33201 relates to Bouncy Castle for Java (bc-java) before 1.74, where LDAP injection can occur during X.509 cert validation when an LDAP CertStore is used. The vacuum is created by inserting the certificate’s Subject Name into an LDAP search filter without escaping, enabling LDAP injectio...
CVE-2017-13098
Bouncy Castle TLS prior to 1.0.3, when configured to use the JCE for cryptographic operations, is vulnerable to a Bleichenbacher/ROBOT oracle when RSA key exchange is negotiated. An attacker could use this to recover the private key from a vulnerable application. Affected: Bouncy Castle TLS (Java...