High severityNVD Advisory· Published Mar 30, 2009· Updated Jun 16, 2026
CVE-2007-6721
CVE-2007-6721
Description
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
bouncycastle:bcprov-jdk14Maven | < 1.38 | 1.38 |
bouncycastle:bcprov-jdk15Maven | < 1.38 | 1.38 |
bouncycastle:bcprov-jdk16Maven | < 1.38 | 1.38 |
Affected products
75cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*+ 36 more
- cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*range: <=1.37
- cpe:2.3:a:bouncycastle:bc-java:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.02:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.03:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.04:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.05:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.06:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.07:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.08:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.09:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.13:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.15:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.16:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.17:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.18:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.19:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.21:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.22:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.23:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.24:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.25:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.26:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.27:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.28:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.29:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.30:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.31:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.32:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.33:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.34:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.35:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bc-java:1.36:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:*:*:*:*:*:*:*:*+ 34 more
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:*:*:*:*:*:*:*:*range: <=1.35
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.02:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.03:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.04:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.05:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.06:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.07:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.08:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.09:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.13:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.15:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.16:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.17:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.18:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.19:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.21:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.22:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.23:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.24:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.25:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.26:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.27:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.28:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.29:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.30:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.32:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.33:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.34:*:*:*:*:*:*:*
- ghsa-coords3 versionspkg:maven/bouncycastle/bcprov-jdk14pkg:maven/bouncycastle/bcprov-jdk15pkg:maven/bouncycastle/bcprov-jdk16
< 1.38+ 2 more
- (no CPE)range: < 1.38
- (no CPE)range: < 1.38
- (no CPE)range: < 1.38
Patches
Vulnerability mechanics
References
11- www.bouncycastle.org/csharp/nvdPatchVendor Advisory
- www.bouncycastle.org/devmailarchive/msg08195.htmlnvdPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-m26p-m559-g5j5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2007-6721ghsaADVISORY
- web.archive.org/web/20071022023551/http://www.bouncycastle.org/csharpghsaWEB
- web.archive.org/web/20080316202318/http://www.bouncycastle.org:80/releasenotes.htmlghsaWEB
- freshmeat.net/projects/bouncycastlecryptoapi/releases/265580nvd
- www.bouncycastle.org/releasenotes.htmlnvd
- www.osvdb.org/50358nvd
- www.osvdb.org/50359nvd
- www.osvdb.org/50360nvd
News mentions
0No linked articles in our index yet.