Vulnerabilities > Bouncycastle

DATE CVE VULNERABILITY TITLE RISK
2017-12-13 CVE-2017-13098 Information Exposure Through Discrepancy vulnerability in Bouncycastle Legion-Of-The-Bouncy-Castle-Java-Crytography-Api
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated.
network
high complexity
bouncycastle CWE-203
5.9
2016-04-18 CVE-2016-2427 Information Exposure vulnerability in multiple products
The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug 26234568.
local
low complexity
bouncycastle google CWE-200
5.5