Vulnerabilities > Bouncycastle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-23 | CVE-2023-33202 | Resource Exhaustion vulnerability in Bouncycastle Bouncy Castle for Java and Fips Java API Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. | 5.5 |
| 2023-07-05 | CVE-2023-33201 | Improper Certificate Validation vulnerability in Bouncycastle Bc-Java 1.73 Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. | 5.3 |
| 2022-11-21 | CVE-2022-45146 | Use After Free vulnerability in Bouncycastle Fips Java API 1.0.1/1.0.2/1.0.2.3 An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. | 5.5 |
| 2021-05-20 | CVE-2020-15522 | Race Condition vulnerability in Bouncycastle products Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures. | 5.9 |
| 2020-11-02 | CVE-2020-26939 | Information Exposure Through Discrepancy vulnerability in Bouncycastle products In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. | 5.3 |
| 2018-06-04 | CVE-2016-1000345 | 7PK - Time and State vulnerability in multiple products In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. | 5.9 |
| 2018-06-04 | CVE-2016-1000341 | 7PK - Time and State vulnerability in multiple products In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. | 5.9 |
| 2018-06-04 | CVE-2016-1000339 | Cryptographic Issues vulnerability in multiple products In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. | 5.3 |
| 2018-04-16 | CVE-2018-5382 | Improper Validation of Integrity Check Value vulnerability in multiple products The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. | 4.4 |
| 2017-12-13 | CVE-2017-13098 | Information Exposure Through Discrepancy vulnerability in Bouncycastle Legion-Of-The-Bouncy-Castle-Java-Crytography-Api BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. | 5.9 |