bouncycastle is vulnerable to side channel leakages. The library uses large static lookup tables in AESFastEngine mode, meaning where data accessed by the CPU can be observed, it is possible for a malicious user to gain information about the key used to initialize the cipher.
access.redhat.com/errata/RHSA-2018:2669
access.redhat.com/errata/RHSA-2018:2927
github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0
github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2
lists.debian.org/debian-lts-announce/2018/07/msg00009.html
security.netapp.com/advisory/ntap-20181127-0004/
usn.ubuntu.com/3727-1/
vigilance.fr/vulnerability/Bouncy-Castle-multiple-vulnerabilities-21455
www.bouncycastle.org/releasenotes.html
www.oracle.com/security-alerts/cpuoct2020.html