VulnerableCode Package Details - pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.66

Search for packages

Vulnerability	Summary	Fixed by
VCID-abxq-7eq3-g7dp Aliases: CVE-2023-33201 GHSA-hr8g-6v94-x4m9	Improper Certificate Validation Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.	There are no reported fixed by versions.
VCID-amzx-sbps-xke5 Aliases: CVE-2020-28052 GHSA-73xv-w5gp-frxh	Logic error in Legion of the Bouncy Castle BC Java An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.	1.67 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-sz15-payv-uyab Aliases: CVE-2023-33202 GHSA-wjxj-5m7g-mg7q	Uncontrolled Resource Consumption Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack.	1.73 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-abxq-7eq3-g7dp
Aliases:
CVE-2023-33201
GHSA-hr8g-6v94-x4m9

Improper Certificate Validation Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.

There are no reported fixed by versions.

VCID-amzx-sbps-xke5
Aliases:
CVE-2020-28052
GHSA-73xv-w5gp-frxh

Logic error in Legion of the Bouncy Castle BC Java An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

1.67
Affected by 2 other vulnerabilities.

VCID-sz15-payv-uyab
Aliases:
CVE-2023-33202
GHSA-wjxj-5m7g-mg7q

Uncontrolled Resource Consumption Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack.

1.73
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2u8v-56gn-8uc2	Timing based private key exposure in Bouncy Castle Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.2.1, BC before 1.66, BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.	CVE-2020-15522 GHSA-6xx3-rg99-gc3p

Vulnerability

Summary

Aliases

VCID-2u8v-56gn-8uc2

Timing based private key exposure in Bouncy Castle Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.2.1, BC before 1.66, BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.

CVE-2020-15522
GHSA-6xx3-rg99-gc3p

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-12T00:03:29.459816+00:00	GitLab Importer	Affected by	VCID-sz15-payv-uyab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcprov-ext-jdk15on/CVE-2023-33202.yml	38.3.0
2026-04-11T23:51:52.767398+00:00	GitLab Importer	Affected by	VCID-abxq-7eq3-g7dp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcprov-ext-jdk15on/CVE-2023-33201.yml	38.3.0
2026-04-11T22:41:20.482296+00:00	GitLab Importer	Fixing	VCID-2u8v-56gn-8uc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcprov-ext-jdk15on/CVE-2020-15522.yml	38.3.0
2026-04-11T22:34:36.582009+00:00	GitLab Importer	Affected by	VCID-amzx-sbps-xke5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcprov-ext-jdk15on/CVE-2020-28052.yml	38.3.0
2026-04-03T00:08:10.408462+00:00	GitLab Importer	Affected by	VCID-sz15-payv-uyab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcprov-ext-jdk15on/CVE-2023-33202.yml	38.1.0
2026-04-02T23:55:06.833340+00:00	GitLab Importer	Affected by	VCID-abxq-7eq3-g7dp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcprov-ext-jdk15on/CVE-2023-33201.yml	38.1.0
2026-04-02T22:51:46.993064+00:00	GitLab Importer	Fixing	VCID-2u8v-56gn-8uc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcprov-ext-jdk15on/CVE-2020-15522.yml	38.1.0
2026-04-02T22:45:45.093877+00:00	GitLab Importer	Affected by	VCID-amzx-sbps-xke5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcprov-ext-jdk15on/CVE-2020-28052.yml	38.1.0
2026-04-02T16:57:39.422111+00:00	GHSA Importer	Fixing	VCID-2u8v-56gn-8uc2	https://github.com/advisories/GHSA-6xx3-rg99-gc3p	38.1.0
2026-04-01T17:03:38.884466+00:00	GitLab Importer	Affected by	VCID-amzx-sbps-xke5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcprov-ext-jdk15on/CVE-2020-28052.yml	38.0.0
2026-04-01T13:01:36.492823+00:00	GithubOSV Importer	Fixing	VCID-2u8v-56gn-8uc2	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-6xx3-rg99-gc3p/GHSA-6xx3-rg99-gc3p.json	38.0.0
2026-04-01T12:48:39.891713+00:00	GitLab Importer	Fixing	VCID-2u8v-56gn-8uc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcprov-ext-jdk15on/CVE-2020-15522.yml	38.0.0