Search for packages
| purl | pkg:maven/org.bouncycastle/bcpkix-jdk15to18@1.68 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-8kgr-r3r4-aaak
Aliases: CVE-2024-30171 GHSA-v435-xc8x-wvr9 |
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing. |
Affected by 0 other vulnerabilities. |
|
VCID-99hh-6w2u-aaaa
Aliases: CVE-2024-30172 GHSA-m44j-cfrm-g8qc |
An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key. |
Affected by 0 other vulnerabilities. |
|
VCID-p1ac-tc9q-aaaa
Aliases: CVE-2024-29857 GHSA-8xfc-gm6g-vgpv |
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters. |
Affected by 0 other vulnerabilities. |
|
VCID-tt54-7vmn-aaaj
Aliases: CVE-2023-33202 GHSA-wjxj-5m7g-mg7q |
Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.) |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||