Moderate severityNVD Advisory· Published Nov 21, 2022· Updated Aug 3, 2024
CVE-2022-45146
CVE-2022-45146
Description
An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.bouncycastle:bc-fipsMaven | < 1.0.2.4 | 1.0.2.4 |
Affected products
93- Bouncy Castle/BC-FJAdescription
- osv-coords92 versionspkg:apk/chainguard/elasticsearch-7pkg:apk/chainguard/elasticsearch-7-bitnamipkg:apk/chainguard/elasticsearch-7-iamguardedpkg:apk/chainguard/elasticsearch-8pkg:apk/chainguard/elasticsearch-8-bitnamipkg:apk/chainguard/elasticsearch-8-configpkg:apk/chainguard/elasticsearch-8-iamguardedpkg:apk/chainguard/elasticsearch-configpkg:apk/chainguard/opensearch-2pkg:apk/chainguard/opensearch-2-alertingpkg:apk/chainguard/opensearch-2-analysis-icupkg:apk/chainguard/opensearch-2-analysis-kuromojipkg:apk/chainguard/opensearch-2-analysis-noripkg:apk/chainguard/opensearch-2-analysis-phoneticpkg:apk/chainguard/opensearch-2-analysis-smartcnpkg:apk/chainguard/opensearch-2-analysis-stempelpkg:apk/chainguard/opensearch-2-analysis-ukrainianpkg:apk/chainguard/opensearch-2-anomaly-detectionpkg:apk/chainguard/opensearch-2-asynchronous-searchpkg:apk/chainguard/opensearch-2-cross-cluster-replicationpkg:apk/chainguard/opensearch-2-crypto-kmspkg:apk/chainguard/opensearch-2-custom-codecspkg:apk/chainguard/opensearch-2-discovery-azure-classicpkg:apk/chainguard/opensearch-2-discovery-ec2pkg:apk/chainguard/opensearch-2-discovery-gcepkg:apk/chainguard/opensearch-2-entrypoint-compatpkg:apk/chainguard/opensearch-2-geospatialpkg:apk/chainguard/opensearch-2-identity-shiropkg:apk/chainguard/opensearch-2-index-managementpkg:apk/chainguard/opensearch-2-ingest-attachmentpkg:apk/chainguard/opensearch-2-job-schedulerpkg:apk/chainguard/opensearch-2-k-nnpkg:apk/chainguard/opensearch-2-mapper-annotated-textpkg:apk/chainguard/opensearch-2-mapper-murmur3pkg:apk/chainguard/opensearch-2-mapper-sizepkg:apk/chainguard/opensearch-2-ml-commonspkg:apk/chainguard/opensearch-2-neural-searchpkg:apk/chainguard/opensearch-2-notificationspkg:apk/chainguard/opensearch-2-observabilitypkg:apk/chainguard/opensearch-2-performance-analyzerpkg:apk/chainguard/opensearch-2-reportingpkg:apk/chainguard/opensearch-2-repository-azurepkg:apk/chainguard/opensearch-2-repository-gcspkg:apk/chainguard/opensearch-2-repository-s3pkg:apk/chainguard/opensearch-2-securitypkg:apk/chainguard/opensearch-2-security-analyticspkg:apk/chainguard/opensearch-2-sqlpkg:apk/chainguard/opensearch-2-store-smbpkg:apk/chainguard/opensearch-2-telemetry-otelpkg:apk/chainguard/opensearch-2-transport-niopkg:apk/wolfi/opensearch-2pkg:apk/wolfi/opensearch-2-alertingpkg:apk/wolfi/opensearch-2-analysis-icupkg:apk/wolfi/opensearch-2-analysis-kuromojipkg:apk/wolfi/opensearch-2-analysis-noripkg:apk/wolfi/opensearch-2-analysis-phoneticpkg:apk/wolfi/opensearch-2-analysis-smartcnpkg:apk/wolfi/opensearch-2-analysis-stempelpkg:apk/wolfi/opensearch-2-analysis-ukrainianpkg:apk/wolfi/opensearch-2-anomaly-detectionpkg:apk/wolfi/opensearch-2-asynchronous-searchpkg:apk/wolfi/opensearch-2-cross-cluster-replicationpkg:apk/wolfi/opensearch-2-crypto-kmspkg:apk/wolfi/opensearch-2-custom-codecspkg:apk/wolfi/opensearch-2-discovery-azure-classicpkg:apk/wolfi/opensearch-2-discovery-ec2pkg:apk/wolfi/opensearch-2-discovery-gcepkg:apk/wolfi/opensearch-2-geospatialpkg:apk/wolfi/opensearch-2-identity-shiropkg:apk/wolfi/opensearch-2-index-managementpkg:apk/wolfi/opensearch-2-ingest-attachmentpkg:apk/wolfi/opensearch-2-job-schedulerpkg:apk/wolfi/opensearch-2-k-nnpkg:apk/wolfi/opensearch-2-mapper-annotated-textpkg:apk/wolfi/opensearch-2-mapper-murmur3pkg:apk/wolfi/opensearch-2-mapper-sizepkg:apk/wolfi/opensearch-2-ml-commonspkg:apk/wolfi/opensearch-2-neural-searchpkg:apk/wolfi/opensearch-2-notificationspkg:apk/wolfi/opensearch-2-observabilitypkg:apk/wolfi/opensearch-2-performance-analyzerpkg:apk/wolfi/opensearch-2-reportingpkg:apk/wolfi/opensearch-2-repository-azurepkg:apk/wolfi/opensearch-2-repository-gcspkg:apk/wolfi/opensearch-2-repository-s3pkg:apk/wolfi/opensearch-2-securitypkg:apk/wolfi/opensearch-2-security-analyticspkg:apk/wolfi/opensearch-2-sqlpkg:apk/wolfi/opensearch-2-store-smbpkg:apk/wolfi/opensearch-2-telemetry-otelpkg:apk/wolfi/opensearch-2-transport-niopkg:maven/org.bouncycastle/bc-fips
< 7.17.15-r0+ 91 more
- (no CPE)range: < 7.17.15-r0
- (no CPE)range: < 7.17.15-r0
- (no CPE)range: < 7.17.15-r0
- (no CPE)range: < 8.12.1-r0
- (no CPE)range: < 8.12.1-r0
- (no CPE)range: < 8.12.1-r0
- (no CPE)range: < 8.12.1-r0
- (no CPE)range: < 8.12.1-r0
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 2.11.1-r1
- (no CPE)range: < 1.0.2.4
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.