Lucene search
Veracode Vulnerability DatabaseVERACODE:46623HistoryApr 25, 2024 - 3:52 p.m.
Observable Discrepancy
2024-04-2515:52:49
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
rsa
handshake
vulnerability
bouncycastle
timing differences
sensitive information
software security
6 Medium
AI Score
Confidence
Low
Bouncy Castle is vulnerable to Observable Discrepancy. The vulnerability is due to improper handling of exceptions in RSA-based handshakes. An attacker can exploit the timing differences observed during these exceptions to reveal sensitive information.
References
github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171
github.com/bcgit/bc-java/commit/9c84c414fd9bed10bf2a171c29b95d221c77f74c
github.com/bcgit/bc-java/issues/1528
github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171
www.bouncycastle.org/latest_releases.html
www.bouncycastle.org/releasenotes.html#:~:text=during%20parameter%20evaluation.-,CVE%2D2024%2D30171,-%2D%20Possible%20timing%20based
Related
openvas
openvas
openSUSE: Security Advisory for bouncycastle (SUSE-SU-2024:1539-1)
2024-05-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1539-1)
2024-05-07 00:00:00
osv
osv
cgr
cgr
CVE-2024-30171 vulnerabilities
2024-05-19 03:07:16
ubuntucve
ubuntucve
CVE-2024-30171
2024-05-14 00:00:00
cvelist
cvelist
CVE-2024-30171
2024-05-13 17:51:30
cve
cve
CVE-2024-30171
2024-05-14 15:21:52
debiancve
debiancve
CVE-2024-30171
2024-05-14 15:21:52
wolfi
wolfi
CVE-2024-30171 vulnerabilities
2024-06-02 09:07:39
nessus
nessus
redhatcve
redhatcve
CVE-2024-30171
2024-04-22 10:04:51
github
github
