VYPR
Moderate severityNVD Advisory· Published May 20, 2021· Updated Aug 4, 2024

CVE-2020-15522

CVE-2020-15522

Description

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.bouncycastle:bc-fipsMaven
< 1.0.2.11.0.2.1
org.bouncycastle:bcprov-ext-jdk15onMaven
< 1.661.66
org.bouncycastle:bcprov-ext-jdk16Maven
< 1.661.66
org.bouncycastle:bcprov-jdk14Maven
< 1.661.66
org.bouncycastle:bcprov-jdk15Maven
< 1.661.66
org.bouncycastle:bcprov-jdk15onMaven
< 1.661.66
org.bouncycastle:bcprov-jdk15to18Maven
< 1.661.66
org.bouncycastle:bcprov-jdk16Maven
< 1.661.66
BouncyCastleNuGet
< 1.8.71.8.7

Affected products

21

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.