Search for vulnerabilities
Vulnerability details: VCID-t3ap-b4c1-byfr
Vulnerability ID VCID-t3ap-b4c1-byfr
Aliases CVE-2024-30171
GHSA-v435-xc8x-wvr9
Summary Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-203 Observable Discrepancy
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-208 Observable Timing Discrepancy
System Score Found at
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30171.json
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-30171
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-30171
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-30171
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-30171
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-30171
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-30171
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-30171
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-30171
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-30171
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-30171
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-30171
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-30171
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-30171
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-30171
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-30171
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-30171
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-30171
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-30171
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-v435-xc8x-wvr9
cvssv3.1 5.9 https://github.com/bcgit/bc-csharp/commit/c984b8bfd8544dfc55dba91a02cbbbb9c580c217
generic_textual MODERATE https://github.com/bcgit/bc-csharp/commit/c984b8bfd8544dfc55dba91a02cbbbb9c580c217
cvssv3.1 5.9 https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171
generic_textual MODERATE https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171
ssvc Track https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171
cvssv3.1 5.9 https://github.com/bcgit/bc-java/commit/d7d5e735abd64bf0f413f54fd9e495fc02400fb0
generic_textual MODERATE https://github.com/bcgit/bc-java/commit/d7d5e735abd64bf0f413f54fd9e495fc02400fb0
cvssv3.1 5.9 https://github.com/bcgit/bc-java/commit/e0569dcb1dea9d421d84fc4c5c5688fe101afa2d
generic_textual MODERATE https://github.com/bcgit/bc-java/commit/e0569dcb1dea9d421d84fc4c5c5688fe101afa2d
cvssv3.1 5.9 https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171
generic_textual MODERATE https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171
ssvc Track https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171
cvssv3.1 5.9 https://nvd.nist.gov/vuln/detail/CVE-2024-30171
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-30171
cvssv3.1 5.9 https://security.netapp.com/advisory/ntap-20240614-0008
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20240614-0008
cvssv3.1 5.9 https://security.netapp.com/advisory/ntap-20240614-0008/
ssvc Track https://security.netapp.com/advisory/ntap-20240614-0008/
cvssv3.1 5.9 https://www.bouncycastle.org/latest_releases.html
generic_textual MODERATE https://www.bouncycastle.org/latest_releases.html
ssvc Track https://www.bouncycastle.org/latest_releases.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30171.json
https://api.first.org/data/v1/epss?cve=CVE-2024-30171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30171
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/bcgit/bc-csharp/commit/c984b8bfd8544dfc55dba91a02cbbbb9c580c217
https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171
https://github.com/bcgit/bc-java/commit/d7d5e735abd64bf0f413f54fd9e495fc02400fb0
https://github.com/bcgit/bc-java/commit/e0569dcb1dea9d421d84fc4c5c5688fe101afa2d
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171
https://nvd.nist.gov/vuln/detail/CVE-2024-30171
https://security.netapp.com/advisory/ntap-20240614-0008
https://www.bouncycastle.org/latest_releases.html
1070655 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655
2276360 https://bugzilla.redhat.com/show_bug.cgi?id=2276360
GHSA-v435-xc8x-wvr9 https://github.com/advisories/GHSA-v435-xc8x-wvr9
ntap-20240614-0008 https://security.netapp.com/advisory/ntap-20240614-0008/
RHSA-2024:4173 https://access.redhat.com/errata/RHSA-2024:4173
RHSA-2024:4271 https://access.redhat.com/errata/RHSA-2024:4271
RHSA-2024:4326 https://access.redhat.com/errata/RHSA-2024:4326
RHSA-2024:4505 https://access.redhat.com/errata/RHSA-2024:4505
RHSA-2024:5479 https://access.redhat.com/errata/RHSA-2024:5479
RHSA-2024:5481 https://access.redhat.com/errata/RHSA-2024:5481
RHSA-2024:5482 https://access.redhat.com/errata/RHSA-2024:5482
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30171.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/bcgit/bc-csharp/commit/c984b8bfd8544dfc55dba91a02cbbbb9c580c217
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/ Found at https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/bcgit/bc-java/commit/d7d5e735abd64bf0f413f54fd9e495fc02400fb0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/bcgit/bc-java/commit/e0569dcb1dea9d421d84fc4c5c5688fe101afa2d
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/ Found at https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-30171
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20240614-0008
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20240614-0008/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/ Found at https://security.netapp.com/advisory/ntap-20240614-0008/
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.bouncycastle.org/latest_releases.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/ Found at https://www.bouncycastle.org/latest_releases.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.13089
EPSS Score 0.00045
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:35:45.928873+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-v435-xc8x-wvr9/GHSA-v435-xc8x-wvr9.json 37.0.0