Vulnerabilities > Bouncycastle

DATE CVE VULNERABILITY TITLE RISK
2023-11-23 CVE-2023-33202 Resource Exhaustion vulnerability in Bouncycastle Bouncy Castle for Java and Fips Java API
Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class.
local
low complexity
bouncycastle CWE-400
5.5
2023-07-05 CVE-2023-33201 Improper Certificate Validation vulnerability in Bouncycastle Bc-Java
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability.
network
low complexity
bouncycastle CWE-295
5.3
2022-11-21 CVE-2022-45146 Use After Free vulnerability in Bouncycastle Fips Java API 1.0.1/1.0.2/1.0.2.3
An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4.
local
low complexity
bouncycastle CWE-416
5.5
2021-05-20 CVE-2020-15522 Race Condition vulnerability in Bouncycastle products
Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.
4.3
2020-12-18 CVE-2020-28052 An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66.
network
high complexity
bouncycastle apache oracle
8.1
2020-11-02 CVE-2020-26939 Information Exposure Through Discrepancy vulnerability in Bouncycastle products
In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs.
network
low complexity
bouncycastle CWE-203
5.3
2019-10-08 CVE-2019-17359 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data.
network
low complexity
bouncycastle apache netapp oracle CWE-770
7.5
2018-07-09 CVE-2018-1000613 Unsafe Reflection vulnerability in multiple products
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code.
network
low complexity
bouncycastle netapp opensuse oracle CWE-470
critical
9.8
2018-06-05 CVE-2018-1000180 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected.
network
low complexity
bouncycastle debian oracle netapp redhat CWE-327
7.5
2018-06-04 CVE-2016-1000352 Cryptographic Issues vulnerability in Bouncycastle Legion-Of-The-Bouncy-Castle-Java-Crytography-Api
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode.
5.8