VYPR

Maven package

org.bouncycastle/bcprov-ext-jdk15on

pkg:maven/org.bouncycastle/bcprov-ext-jdk15on

Vulnerabilities (5)

  • CVE-2023-33202Nov 23, 2023
    affected < 1.73fixed 1.73

    Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a f

  • CVE-2023-33201Jul 5, 2023
    affected >= 1.49, <= 1.70

    Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certif

  • CVE-2020-15522May 20, 2021
    affected < 1.66fixed 1.66

    Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the ge

  • CVE-2020-28052Dec 18, 2020
    affected >= 1.65, < 1.67fixed 1.67

    An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were diffe

  • CVE-2020-26939Nov 2, 2020
    affected < 1.61fixed 1.61

    In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending inval