com.madgag.spongycastle:bctls-jdk15on@1.58.0.0 vulnerabilities

latest version

1.58.0.0
first published

7 years ago
latest version published

7 years ago
licenses detected
- MIT
  [1.56.0.0,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the com.madgag.spongycastle:bctls-jdk15on package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M TLS Padding Oracle `org.bouncycastle:bctls-jdk15on` BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as ROBOT. How to fix TLS Padding Oracle? Upgrade `org.bouncycastle:bctls-jdk15on` to version 1.59 or higher.	[,1.59)

TLS Padding Oracle

org.bouncycastle:bctls-jdk15on

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as ROBOT.

How to fix TLS Padding Oracle?

Upgrade org.bouncycastle:bctls-jdk15on to version 1.59 or higher.

[,1.59)

Go back to all versions of this package

com.madgag.spongycastle:bctls-jdk15on@1.58.0.0 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities