VulnerableCode Package Details - pkg:maven/org.bouncycastle/bc-fips@1.0.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-2u8v-56gn-8uc2 Aliases: CVE-2020-15522 GHSA-6xx3-rg99-gc3p	Timing based private key exposure in Bouncy Castle Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.2.1, BC before 1.66, BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.	1.0.2.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-4rs8-tp92-p7ck Aliases: CVE-2024-29857 GHSA-8xfc-gm6g-vgpv	Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.	1.0.2.5 Affected by 0 other vulnerabilities.
VCID-g87j-yupf-tybu Aliases: CVE-2022-45146 GHSA-68m8-v89j-7j2p	Garbage collection issue in BC-FJA in Java 13 and later An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11.	1.0.2.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-2u8v-56gn-8uc2
Aliases:
CVE-2020-15522
GHSA-6xx3-rg99-gc3p

Timing based private key exposure in Bouncy Castle Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.2.1, BC before 1.66, BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.

1.0.2.1
Affected by 2 other vulnerabilities.

VCID-4rs8-tp92-p7ck
Aliases:
CVE-2024-29857
GHSA-8xfc-gm6g-vgpv

Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.

1.0.2.5
Affected by 0 other vulnerabilities.

VCID-g87j-yupf-tybu
Aliases:
CVE-2022-45146
GHSA-68m8-v89j-7j2p

Garbage collection issue in BC-FJA in Java 13 and later An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11.

1.0.2.4
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-nau9-4auz-pqbs	Observable Differences in Behavior to Error Inputs in Bouncy Castle In Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.	CVE-2020-26939 GHSA-72m5-fvvv-55m6

Vulnerability

Summary

Aliases

VCID-nau9-4auz-pqbs

Observable Differences in Behavior to Error Inputs in Bouncy Castle In Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.

CVE-2020-26939
GHSA-72m5-fvvv-55m6

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:57:58.719816+00:00	GitLab Importer	Affected by	VCID-4rs8-tp92-p7ck	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2024-29857.yml	38.4.0
2026-04-16T22:16:04.090780+00:00	GitLab Importer	Affected by	VCID-g87j-yupf-tybu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2022-45146.yml	38.4.0
2026-04-16T21:28:23.068518+00:00	GitLab Importer	Affected by	VCID-2u8v-56gn-8uc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2020-15522.yml	38.4.0
2026-04-16T21:21:30.339229+00:00	GitLab Importer	Fixing	VCID-nau9-4auz-pqbs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2020-26939.yml	38.4.0
2026-04-12T00:16:03.797743+00:00	GitLab Importer	Affected by	VCID-4rs8-tp92-p7ck	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2024-29857.yml	38.3.0
2026-04-11T23:33:20.011122+00:00	GitLab Importer	Affected by	VCID-g87j-yupf-tybu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2022-45146.yml	38.3.0
2026-04-11T22:41:21.057212+00:00	GitLab Importer	Affected by	VCID-2u8v-56gn-8uc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2020-15522.yml	38.3.0
2026-04-11T22:33:59.064457+00:00	GitLab Importer	Fixing	VCID-nau9-4auz-pqbs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2020-26939.yml	38.3.0
2026-04-03T00:23:04.818727+00:00	GitLab Importer	Affected by	VCID-4rs8-tp92-p7ck	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2024-29857.yml	38.1.0
2026-04-02T23:38:22.094612+00:00	GitLab Importer	Affected by	VCID-g87j-yupf-tybu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2022-45146.yml	38.1.0
2026-04-02T22:51:47.547063+00:00	GitLab Importer	Affected by	VCID-2u8v-56gn-8uc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2020-15522.yml	38.1.0
2026-04-02T22:45:04.853419+00:00	GitLab Importer	Fixing	VCID-nau9-4auz-pqbs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2020-26939.yml	38.1.0
2026-04-02T16:57:39.394586+00:00	GHSA Importer	Affected by	VCID-2u8v-56gn-8uc2	https://github.com/advisories/GHSA-6xx3-rg99-gc3p	38.1.0
2026-04-02T16:56:31.169242+00:00	GHSA Importer	Fixing	VCID-nau9-4auz-pqbs	https://github.com/advisories/GHSA-72m5-fvvv-55m6	38.1.0
2026-04-01T18:00:39.792423+00:00	GitLab Importer	Affected by	VCID-g87j-yupf-tybu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2022-45146.yml	38.0.0
2026-04-01T17:09:54.079478+00:00	GitLab Importer	Affected by	VCID-2u8v-56gn-8uc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2020-15522.yml	38.0.0
2026-04-01T17:03:03.081667+00:00	GitLab Importer	Fixing	VCID-nau9-4auz-pqbs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2020-26939.yml	38.0.0
2026-04-01T13:00:48.055133+00:00	GithubOSV Importer	Fixing	VCID-nau9-4auz-pqbs	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-72m5-fvvv-55m6/GHSA-72m5-fvvv-55m6.json	38.0.0