org.bouncycastle:bc-fips@1.0.1 vulnerabilities
-
latest version
1.0.2.4
-
latest non vulnerable version
-
first published
5 years ago
-
latest version published
7 months ago
-
licenses detected
- [1.0.0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.bouncycastle:bc-fips package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') within the How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')? Upgrade |
[,1.0.2.4)
|
Affected versions of this package are vulnerable to Improper Authentication. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules, where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. Note: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11. How to fix Improper Authentication? Upgrade |
[,1.0.2.4)
|
Affected versions of this package are vulnerable to Timing Attack. A timing issue within the EC math library can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures. How to fix Timing Attack? Upgrade |
[1.0.2,1.0.2.1)
[,1.0.1.2)
|