Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.bouncycastle/bcprov-jdk15on@1.69
purl pkg:maven/org.bouncycastle/bcprov-jdk15on@1.69
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.4
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-2j9r-6zbp-m3bz
Aliases:
CVE-2024-30171
GHSA-v435-xc8x-wvr9
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
1.78
Affected by 0 other vulnerabilities.
VCID-4rs8-tp92-p7ck
Aliases:
CVE-2024-29857
GHSA-8xfc-gm6g-vgpv
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
1.78
Affected by 0 other vulnerabilities.
VCID-abxq-7eq3-g7dp
Aliases:
CVE-2023-33201
GHSA-hr8g-6v94-x4m9
Improper Certificate Validation Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:58:09.970734+00:00 GitLab Importer Affected by VCID-2j9r-6zbp-m3bz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcprov-jdk15on/CVE-2024-30171.yml 38.4.0
2026-04-16T22:58:02.526843+00:00 GitLab Importer Affected by VCID-4rs8-tp92-p7ck https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcprov-jdk15on/CVE-2024-29857.yml 38.4.0
2026-04-16T22:32:57.021162+00:00 GitLab Importer Affected by VCID-abxq-7eq3-g7dp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcprov-jdk15on/CVE-2023-33201.yml 38.4.0
2026-04-12T00:16:15.821909+00:00 GitLab Importer Affected by VCID-2j9r-6zbp-m3bz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcprov-jdk15on/CVE-2024-30171.yml 38.3.0
2026-04-12T00:16:07.809878+00:00 GitLab Importer Affected by VCID-4rs8-tp92-p7ck https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcprov-jdk15on/CVE-2024-29857.yml 38.3.0
2026-04-11T23:51:51.238546+00:00 GitLab Importer Affected by VCID-abxq-7eq3-g7dp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcprov-jdk15on/CVE-2023-33201.yml 38.3.0
2026-04-03T00:23:16.769729+00:00 GitLab Importer Affected by VCID-2j9r-6zbp-m3bz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcprov-jdk15on/CVE-2024-30171.yml 38.1.0
2026-04-03T00:23:08.659515+00:00 GitLab Importer Affected by VCID-4rs8-tp92-p7ck https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcprov-jdk15on/CVE-2024-29857.yml 38.1.0
2026-04-02T23:55:05.264842+00:00 GitLab Importer Affected by VCID-abxq-7eq3-g7dp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcprov-jdk15on/CVE-2023-33201.yml 38.1.0