bouncycastle is vulnerable to carry propagation bugs. This bug caused mathematical miscalculations during static Elliptic Curve Diffie Hellman which in rare cases for it to miscalculate elliptic curve scalar multiplication. This allows a malicious user in certain cases to obtain the key.
access.redhat.com/errata/RHSA-2018:2669
access.redhat.com/errata/RHSA-2018:2927
github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31
security.netapp.com/advisory/ntap-20181127-0004/
vigilance.fr/vulnerability/Bouncy-Castle-multiple-vulnerabilities-21455
www.bouncycastle.org/releasenotes.html
www.oracle.com/security-alerts/cpuoct2020.html