Search for packages
| purl | pkg:deb/ubuntu/bouncycastle@1.33-2ubuntu3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4fxt-kkh8-aaan
Aliases: CVE-2016-1000342 GHSA-qcj7-g2j5-g7r3 |
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification |
Affected by 1 other vulnerability. |
|
VCID-5nqk-znrf-aaab
Aliases: CVE-2016-1000341 GHSA-r9ch-m4fh-fc7q |
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 |
Affected by 1 other vulnerability. |
|
VCID-6w5e-vydq-aaac
Aliases: CVE-2013-1624 GHSA-8353-fgcr-xfhx |
The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. |
Affected by 17 other vulnerabilities. |
|
VCID-9c29-3454-aaab
Aliases: CVE-2016-1000339 GHSA-c8xf-m4ff-jcxj |
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 |
Affected by 1 other vulnerability. |
|
VCID-9jcc-2gjw-aaae
Aliases: CVE-2016-1000346 GHSA-fjqm-246c-mwqg |
In Bouncy Castle JCE Provider the other party DH public key is not fully validated |
Affected by 1 other vulnerability. |
|
VCID-9vzw-cb96-aaaq
Aliases: CVE-2018-1000613 GHSA-4446-656p-f54g |
Deserialization of Untrusted Data in Bouncy castle |
Affected by 1 other vulnerability. |
|
VCID-a8mw-s4pr-aaab
Aliases: CVE-2018-5382 GHSA-8477-3v39-ggpm |
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons a specific keystore type "BKS-V1" was introduced in 1.49. It should be noted that the use of "BKS-V1" is discouraged by the library authors and should only be used where it is otherwise safe to do so, as in where the use of a 16 bit checksum for the file integrity check is not going to cause a security issue in itself. |
Affected by 16 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-gm2v-j1q8-aaab
Aliases: CVE-2016-1000340 GHSA-r97x-3g8f-gx3m |
The Bouncy Castle JCE Provider carry a propagation bug |
Affected by 1 other vulnerability. |
|
VCID-hxm6-fgzs-aaam
Aliases: CVE-2016-1000344 GHSA-2j2x-hx4g-2gf4 |
In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode |
Affected by 1 other vulnerability. |
|
VCID-ja9x-8z86-aaag
Aliases: CVE-2016-1000338 GHSA-4vhj-98r6-424h |
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate |
Affected by 1 other vulnerability. |
|
VCID-jesj-cmj4-aaag
Aliases: CVE-2015-7940 GHSA-4mv7-cq75-3qjm |
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 |
Affected by 16 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-myr7-uyar-aaad
Aliases: CVE-2017-13098 GHSA-wrwf-pmmj-w989 |
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT." |
Affected by 13 other vulnerabilities. |
|
VCID-nd3n-xrcv-aaan
Aliases: CVE-2016-1000352 GHSA-w285-wf9q-5w69 |
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode |
Affected by 1 other vulnerability. |
|
VCID-nupt-j8jb-aaar
Aliases: CVE-2015-6644 |
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146. |
Affected by 15 other vulnerabilities. |
|
VCID-r5ac-x57y-aaap
Aliases: CVE-2016-1000345 GHSA-9gp4-qrff-c648 |
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 |
Affected by 1 other vulnerability. |
|
VCID-x6rq-m1e2-aaab
Aliases: CVE-2020-26939 GHSA-72m5-fvvv-55m6 |
Observable Differences in Behavior to Error Inputs in Bouncy Castle |
Affected by 0 other vulnerabilities. |
|
VCID-ywq5-t9hj-aaaf
Aliases: CVE-2018-1000180 GHSA-xqj7-j8j5-f2xr |
Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator |
Affected by 1 other vulnerability. |
|
VCID-zwyg-ab9c-aaab
Aliases: CVE-2016-1000343 GHSA-rrvx-pwf8-p59p |
In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|