bc-fips is vulnerable to Information Disclosure. The vulnerability exists because the temporary keys used in the module get zeroed out while still in use by the module, resulting in an error or potential information loss. This vulnerability only affects Java 13 or later.
CPE | Name | Operator | Version |
---|---|---|---|
bouncy castle provider (fips distribution) | le | 1.0.2.3 | |
bouncy castle provider (fips distribution) | le | 1.0.2.3 |