bouncycastle is vulnerable to information disclosure. The private exponent of an RSA private key can potentially be recovered by sending invalid ciphertext that causes an exception during decryption and then analyzing the differences in behavior.
CPE

Name | Operator | Version |
---|---|---|
bouncy castle provider | le | 1.60 |
bouncy castle provider | le | 1.60 |
bouncy castle provider | le | 1.60 |
bcprov-jdk15on | eq | 1.52.0 |
bouncy castle provider | le | 1.60 |

github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1
github.com/bcgit/bc-java/wiki/CVE-2020-26939
lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E
lists.debian.org/debian-lts-announce/2020/11/msg00007.html
security.netapp.com/advisory/ntap-20201202-0005/