Vulnerabilities > Bouncycastle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-23 | CVE-2023-33202 | Resource Exhaustion vulnerability in Bouncycastle Bouncy Castle for Java and Fips Java API Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. | 5.5 |
| 2023-07-05 | CVE-2023-33201 | Improper Certificate Validation vulnerability in Bouncycastle Bc-Java Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. | 5.3 |
| 2022-11-21 | CVE-2022-45146 | Use After Free vulnerability in Bouncycastle Fips Java API 1.0.1/1.0.2/1.0.2.3 An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. | 5.5 |
| 2021-05-20 | CVE-2020-15522 | Race Condition vulnerability in Bouncycastle products Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures. | 4.3 |
| 2020-12-18 | CVE-2020-28052 | An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. | 8.1 |
| 2020-11-02 | CVE-2020-26939 | Information Exposure Through Discrepancy vulnerability in Bouncycastle products In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. | 5.3 |
| 2019-10-08 | CVE-2019-17359 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. | 7.5 |
| 2018-07-09 | CVE-2018-1000613 | Unsafe Reflection vulnerability in multiple products Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. | 9.8 |
| 2018-06-05 | CVE-2018-1000180 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. | 7.5 |
| 2018-06-04 | CVE-2016-1000352 | Cryptographic Issues vulnerability in Bouncycastle Legion-Of-The-Bouncy-Castle-Java-Crytography-Api In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. | 5.8 |