VYPR
Medium severity5.9GHSA Advisory· Published May 14, 2024· Updated Apr 15, 2026

CVE-2024-30171

CVE-2024-30171

Description

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.bouncycastle:bctls-fipsMaven
< 1.0.191.0.19
org.bouncycastle:bcprov-jdk18onMaven
< 1.781.78
org.bouncycastle:bcprov-jdk15onMaven
< 1.781.78
org.bouncycastle:bcprov-jdk15to18Maven
< 1.781.78
org.bouncycastle:bcprov-jdk14Maven
< 1.781.78
org.bouncycastle:bctls-jdk18onMaven
< 1.781.78
org.bouncycastle:bctls-jdk14Maven
< 1.781.78
org.bouncycastle:bctls-jdk15to18Maven
< 1.781.78
BouncyCastleNuGet
>= 0
BouncyCastle.CryptographyNuGet
< 2.3.12.3.1

Affected products

214

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.