Lucene search
Veracode Vulnerability DatabaseVERACODE:27737HistoryNov 03, 2020 - 5:24 a.m.
Information Disclosure
2020-11-0305:24:53
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
0.001 Low
EPSS
Percentile
36.2%
bouncycastle is vulnerable to information disclosure. The private exponent of the RSA private key can potentially be obtained by sending invalid ciphertext that results in an exception during decryption and analyzing differences in behavior.
| CPE | Name | Operator | Version |
|---|---|---|---|
| bouncy castle provider | le | 1.60 | |
| bouncy castle provider | le | 1.60 | |
| bouncy castle provider | le | 1.60 | |
| bcprov-jdk15on | eq | 1.52.0 | |
| bouncy castle provider | le | 1.60 |
References
github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1
github.com/bcgit/bc-java/wiki/CVE-2020-26939
lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E
lists.debian.org/debian-lts-announce/2020/11/msg00007.html
security.netapp.com/advisory/ntap-20201202-0005/
Related
nessus
nessus
Debian DLA-2433-1 : bouncycastle security update
2020-11-06 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2433-1)
2020-11-06 00:00:00
cve
cve
CVE-2020-26939
2020-11-02 22:15:13
osv
osv
Observable Differences in Behavior to Error Inputs in Bouncy Castle
2021-04-22 16:16:49
bouncycastle - security update
2020-11-05 00:00:00
ibm
ibm
github
github
Observable Differences in Behavior to Error Inputs in Bouncy Castle
2021-04-22 16:16:49
cvelist
cvelist
CVE-2020-26939
2020-11-02 22:00:15
prion
prion
Design/Logic Flaw
2020-11-02 22:15:00
debian
debian
[SECURITY] [DLA 2433-1] bouncycastle security update
2020-11-05 10:54:47
ubuntucve
ubuntucve
CVE-2020-26939
2020-11-02 00:00:00
debiancve
debiancve
CVE-2020-26939
2020-11-02 22:15:13
nvd
nvd
CVE-2020-26939
2020-11-02 22:15:13