Lucene search
PRIOn knowledge basePRION:CVE-2020-26939HistoryNov 02, 2020 - 10:15 p.m.
Design/Logic Flaw
2020-11-0222:15:00
PRIOn knowledge base
www.prio-n.com
5
In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.
| CPE | Name | Operator | Version |
|---|---|---|---|
| legion-of-the-bouncy-castle | lt | 1.61 | |
| legion-of-the-bouncy-castle-fips-java-api | lt | 1.0.1.2 |
Related
cve
cve
CVE-2020-26939
2020-11-02 22:15:13
nessus
nessus
Debian DLA-2433-1 : bouncycastle security update
2020-11-06 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2433-1)
2020-11-06 00:00:00
osv
osv
Observable Differences in Behavior to Error Inputs in Bouncy Castle
2021-04-22 16:16:49
bouncycastle - security update
2020-11-05 00:00:00
ibm
ibm
github
github
Observable Differences in Behavior to Error Inputs in Bouncy Castle
2021-04-22 16:16:49
cvelist
cvelist
CVE-2020-26939
2020-11-02 22:00:15
debian
debian
[SECURITY] [DLA 2433-1] bouncycastle security update
2020-11-05 10:54:47
ubuntucve
ubuntucve
CVE-2020-26939
2020-11-02 00:00:00
debiancve
debiancve
CVE-2020-26939
2020-11-02 22:15:13
veracode
veracode
Information Disclosure
2020-11-03 05:24:53
nvd
nvd
CVE-2020-26939
2020-11-02 22:15:13