Known Vulnerabilities for products from Bouncycastle
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Bouncycastle".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-33202 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.5 - MEDIUM | 2023-11-23 | 2024-01-25 |
| CVE-2023-33201 json | Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects application... | 5.3 - MEDIUM | 2023-07-05 | 2023-08-24 |
| CVE-2022-45146 json | An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in ... | 5.5 - MEDIUM | 2022-11-21 | 2022-11-30 |
| CVE-2020-28052 json | An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method ... | 8.1 - HIGH | 2020-12-18 | 2023-11-07 |
| CVE-2020-26939 json | In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a p... | 5.3 - MEDIUM | 2020-11-02 | 2023-11-07 |
| CVE-2020-15522 json | Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a ... | 5.9 - MEDIUM | 2021-05-20 | 2021-06-22 |
| CVE-2019-17359 json | The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant Ou... | 7.5 - HIGH | 2019-10-08 | 2023-11-07 |
| CVE-2018-1000613 json | Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a C... | 9.8 - CRITICAL | 2018-07-09 | 2024-01-25 |
| CVE-2018-1000180 json | Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair g... | 7.5 - HIGH | 2018-06-05 | 2023-11-07 |
| CVE-2018-5382 json | The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a ... | 4.4 - MEDIUM | 2018-04-16 | 2022-04-20 |
| CVE-2017-13098 json | BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic funct... | 5.9 - MEDIUM | 2017-12-13 | 2020-10-20 |
| CVE-2016-1000352 json | In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is... | 7.4 - HIGH | 2018-06-04 | 2020-10-20 |
| CVE-2016-1000346 json | In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cau... | 3.7 - LOW | 2018-06-04 | 2020-10-20 |
| CVE-2016-1000345 json | In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For ... | 5.9 - MEDIUM | 2018-06-04 | 2020-10-20 |
| CVE-2016-1000344 json | In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is... | 7.4 - HIGH | 2018-06-04 | 2020-10-20 |
| CVE-2016-1000343 json | In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used wi... | 7.5 - HIGH | 2018-06-04 | 2023-11-07 |
| CVE-2016-1000342 json | In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verif... | 7.5 - HIGH | 2018-06-04 | 2020-10-20 |
| CVE-2016-1000341 json | In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where tim... | 5.9 - MEDIUM | 2018-06-04 | 2020-10-20 |
| CVE-2016-1000340 json | In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squa... | 7.5 - HIGH | 2018-06-04 | 2020-10-20 |
| CVE-2016-1000339 json | In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to th... | 5.3 - MEDIUM | 2018-06-04 | 2020-10-20 |
Known software with vulnerabilities from Bouncycastle
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Bouncycastle | Fips Java Api | 1.0.1 |
| Application | Bouncycastle | Legion-of-the-bouncy-castle | 1.00 |
| Application | Bouncycastle | Legion-of-the-bouncy-castle-c-cryptography-api | 0.0 |
| Application | Bouncycastle | Legion-of-the-bouncy-castle-c-crytography-api | 0.0 |
| Application | Bouncycastle | Legion-of-the-bouncy-castle-fips-java-api | 1.0.1.2 |
| Application | Bouncycastle | Legion-of-the-bouncy-castle-java-crytography-api | 1.01 |