VulnerableCode Package Details - pkg:deb/ubuntu/bouncycastle@1.60-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-x6rq-m1e2-aaab Aliases: CVE-2020-26939 GHSA-72m5-fvvv-55m6	Observable Differences in Behavior to Error Inputs in Bouncy Castle	1.61-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-x6rq-m1e2-aaab
Aliases:
CVE-2020-26939
GHSA-72m5-fvvv-55m6

Observable Differences in Behavior to Error Inputs in Bouncy Castle

1.61-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4fxt-kkh8-aaan	In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification	CVE-2016-1000342 GHSA-qcj7-g2j5-g7r3
VCID-5nqk-znrf-aaab	Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15	CVE-2016-1000341 GHSA-r9ch-m4fh-fc7q
VCID-9c29-3454-aaab	Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15	CVE-2016-1000339 GHSA-c8xf-m4ff-jcxj
VCID-9jcc-2gjw-aaae	In Bouncy Castle JCE Provider the other party DH public key is not fully validated	CVE-2016-1000346 GHSA-fjqm-246c-mwqg
VCID-9vzw-cb96-aaaq	Deserialization of Untrusted Data in Bouncy castle	CVE-2018-1000613 GHSA-4446-656p-f54g
VCID-gm2v-j1q8-aaab	The Bouncy Castle JCE Provider carry a propagation bug	CVE-2016-1000340 GHSA-r97x-3g8f-gx3m
VCID-hxm6-fgzs-aaam	In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode	CVE-2016-1000344 GHSA-2j2x-hx4g-2gf4
VCID-ja9x-8z86-aaag	In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate	CVE-2016-1000338 GHSA-4vhj-98r6-424h
VCID-nd3n-xrcv-aaan	In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode	CVE-2016-1000352 GHSA-w285-wf9q-5w69
VCID-r5ac-x57y-aaap	Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15	CVE-2016-1000345 GHSA-9gp4-qrff-c648
VCID-ywq5-t9hj-aaaf	Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator	CVE-2018-1000180 GHSA-xqj7-j8j5-f2xr
VCID-zwyg-ab9c-aaab	In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values	CVE-2016-1000343 GHSA-rrvx-pwf8-p59p

Vulnerability

Summary

Aliases

VCID-4fxt-kkh8-aaan

In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification

CVE-2016-1000342
GHSA-qcj7-g2j5-g7r3

VCID-5nqk-znrf-aaab

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15

CVE-2016-1000341
GHSA-r9ch-m4fh-fc7q

VCID-9c29-3454-aaab

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15

CVE-2016-1000339
GHSA-c8xf-m4ff-jcxj

VCID-9jcc-2gjw-aaae

In Bouncy Castle JCE Provider the other party DH public key is not fully validated

CVE-2016-1000346
GHSA-fjqm-246c-mwqg

VCID-9vzw-cb96-aaaq

Deserialization of Untrusted Data in Bouncy castle

CVE-2018-1000613
GHSA-4446-656p-f54g

VCID-gm2v-j1q8-aaab

The Bouncy Castle JCE Provider carry a propagation bug

CVE-2016-1000340
GHSA-r97x-3g8f-gx3m

VCID-hxm6-fgzs-aaam

In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode

CVE-2016-1000344
GHSA-2j2x-hx4g-2gf4

VCID-ja9x-8z86-aaag

In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate

CVE-2016-1000338
GHSA-4vhj-98r6-424h

VCID-nd3n-xrcv-aaan

In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode

CVE-2016-1000352
GHSA-w285-wf9q-5w69

VCID-r5ac-x57y-aaap

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15

CVE-2016-1000345
GHSA-9gp4-qrff-c648

VCID-ywq5-t9hj-aaaf

Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator

CVE-2018-1000180
GHSA-xqj7-j8j5-f2xr

VCID-zwyg-ab9c-aaab

In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values

CVE-2016-1000343
GHSA-rrvx-pwf8-p59p

Next non-vulnerable version	1.61-1
Latest non-vulnerable version	1.61-1
Risk	4.0