VulnerableCode Package Details - pkg:maven/org.bouncycastle/bc-fips@1.0.2.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-4rs8-tp92-p7ck Aliases: CVE-2024-29857 GHSA-8xfc-gm6g-vgpv	Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.	1.0.2.5 Affected by 0 other vulnerabilities.
VCID-g87j-yupf-tybu Aliases: CVE-2022-45146 GHSA-68m8-v89j-7j2p	Garbage collection issue in BC-FJA in Java 13 and later An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11.	1.0.2.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-4rs8-tp92-p7ck
Aliases:
CVE-2024-29857
GHSA-8xfc-gm6g-vgpv

Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.

1.0.2.5
Affected by 0 other vulnerabilities.

VCID-g87j-yupf-tybu
Aliases:
CVE-2022-45146
GHSA-68m8-v89j-7j2p

Garbage collection issue in BC-FJA in Java 13 and later An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11.

1.0.2.4
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-2u8v-56gn-8uc2	Timing based private key exposure in Bouncy Castle Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.2.1, BC before 1.66, BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.	CVE-2020-15522 GHSA-6xx3-rg99-gc3p

Vulnerability

Summary

Aliases

VCID-2u8v-56gn-8uc2

Timing based private key exposure in Bouncy Castle Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.2.1, BC before 1.66, BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.

CVE-2020-15522
GHSA-6xx3-rg99-gc3p

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:57:58.723030+00:00	GitLab Importer	Affected by	VCID-4rs8-tp92-p7ck	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2024-29857.yml	38.4.0
2026-04-16T22:16:04.094078+00:00	GitLab Importer	Affected by	VCID-g87j-yupf-tybu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2022-45146.yml	38.4.0
2026-04-16T21:28:23.071707+00:00	GitLab Importer	Fixing	VCID-2u8v-56gn-8uc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2020-15522.yml	38.4.0
2026-04-12T00:16:03.801192+00:00	GitLab Importer	Affected by	VCID-4rs8-tp92-p7ck	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2024-29857.yml	38.3.0
2026-04-11T23:33:20.016572+00:00	GitLab Importer	Affected by	VCID-g87j-yupf-tybu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2022-45146.yml	38.3.0
2026-04-11T22:41:21.061079+00:00	GitLab Importer	Fixing	VCID-2u8v-56gn-8uc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2020-15522.yml	38.3.0
2026-04-03T00:23:04.822434+00:00	GitLab Importer	Affected by	VCID-4rs8-tp92-p7ck	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2024-29857.yml	38.1.0
2026-04-02T23:38:22.097807+00:00	GitLab Importer	Affected by	VCID-g87j-yupf-tybu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2022-45146.yml	38.1.0
2026-04-02T22:51:47.550345+00:00	GitLab Importer	Fixing	VCID-2u8v-56gn-8uc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2020-15522.yml	38.1.0
2026-04-02T16:57:39.397916+00:00	GHSA Importer	Fixing	VCID-2u8v-56gn-8uc2	https://github.com/advisories/GHSA-6xx3-rg99-gc3p	38.1.0
2026-04-01T18:00:39.796233+00:00	GitLab Importer	Affected by	VCID-g87j-yupf-tybu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2022-45146.yml	38.0.0
2026-04-01T13:01:36.478789+00:00	GithubOSV Importer	Fixing	VCID-2u8v-56gn-8uc2	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-6xx3-rg99-gc3p/GHSA-6xx3-rg99-gc3p.json	38.0.0
2026-04-01T12:48:39.961578+00:00	GitLab Importer	Fixing	VCID-2u8v-56gn-8uc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2020-15522.yml	38.0.0