org.bouncycastle:bcprov-jdk18on@1.74 vulnerabilities
- latest version: 1.78
- latest non vulnerable version:
- first published: 2 years ago
- latest version published: a month ago
- licenses detected: [1.71,)
- package manager:

Direct Vulnerabilities
Known vulnerabilities in the org.bouncycastle:bcprov-jdk18on package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the How to fix Allocation of Resources Without Limits or Throttling? Upgrade | [,1.78) |
Affected versions of this package are vulnerable to Observable Discrepancy due to the timing difference between exceptions thrown when processing RSA key exchange handshakes, AKA Marvin. Note: The implemented fix mitigates the leakage of data via the PKCS#1 interface, but does not fully alleviate the side-channel as it allows cases in which the padding check fails but the handshake succeeds. How to fix Observable Discrepancy? Upgrade | [,1.78) |
Affected versions of this package are vulnerable to Infinite loop in ED25519 verification in the How to fix Infinite loop? Upgrade | [1.71,1.78) |
Affected versions of this package are vulnerable to Observable Timing Discrepancy via the PKCS#1 1.5 and OAEP decryption process. An attacker can recover ciphertexts via a side-channel attack by exploiting the Marvin security flaw. The PKCS#1 1.5 attack vector leaks data via How to fix Observable Timing Discrepancy? Upgrade | [,1.78) |