Bc-java Security Vulnerabilities and Issues — Bc-java CVE List

Lucene search

BouncycastleBc-java

8 matches found

CVE•added 2017/12/13 1:29 a.m.•185 views

CVE-2017-13098

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable applicat...

7.5CVSS6.4AI score0.7563EPSS

CVE•added 2018/06/05 1:29 p.m.•185 views

CVE-2018-1000180

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta ...

7.5CVSS7.1AI score0.00221EPSS

CVE•added 2019/10/08 2:15 p.m.•175 views

CVE-2019-17359

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.

7.5CVSS8.1AI score0.07634EPSS

CVE•added 2018/06/04 1:29 p.m.•143 views

CVE-2016-1000343

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. I...

7.5CVSS7.2AI score0.01707EPSS

CVE•added 2018/06/04 1:29 p.m.•132 views

CVE-2016-1000342

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisi...

7.5CVSS7.2AI score0.00332EPSS

CVE•added 2018/06/04 9:29 p.m.•118 views

CVE-2016-1000344

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

7.4CVSS7.4AI score0.00514EPSS

CVE•added 2018/06/04 9:29 p.m.•103 views

CVE-2016-1000352

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

7.4CVSS7.4AI score0.00514EPSS

CVE•added 2018/06/04 1:29 p.m.•98 views

CVE-2016-1000340

In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.ma...

7.5CVSS7.3AI score0.00642EPSS