Bouncy Castle is vulnerable to Observable Discrepancy. The vulnerability is due to improper handling of exceptions in RSA-based handshakes. An attacker can exploit the timing differences observed during these exceptions to reveal sensitive information.
github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171
github.com/bcgit/bc-java/commit/9c84c414fd9bed10bf2a171c29b95d221c77f74c
github.com/bcgit/bc-java/issues/1528
github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171
www.bouncycastle.org/latest_releases.html
www.bouncycastle.org/releasenotes.html#:~:text=during%20parameter%20evaluation.-,CVE%2D2024%2D30171,-%2D%20Possible%20timing%20based