An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.bouncycastle:bctls-fips(Maven) | 0 | 1.0.19 | N/A |
| org.bouncycastle:bcprov-jdk18on(Maven) | 0 | 1.78 | N/A |
| org.bouncycastle:bcprov-jdk15on(Maven) | 0 | 1.78 | N/A |
| org.bouncycastle:bcprov-jdk15to18(Maven) | 0 | 1.78 | N/A |
| org.bouncycastle:bcprov-jdk14(Maven) | 0 | 1.78 | N/A |
| org.bouncycastle:bctls-jdk18on(Maven) | 0 | 1.78 | N/A |
| org.bouncycastle:bctls-jdk14(Maven) | 0 | 1.78 | N/A |
| org.bouncycastle:bctls-jdk15to18(Maven) | 0 | 1.78 | N/A |
| BouncyCastle(NuGet) | 0 | N/A | N/A |
| BouncyCastle.Cryptography(NuGet) | 0 | 2.3.1 | N/A |
CVSS Metrics
