CVE-2020-15522

Опубликовано: 20 мая 2021

Источник: redhat

CVSS3: 5.9

EPSS Низкий

Описание

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.

A flaw was found in bouncycastle. A timing issue within the EC math library can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat build of Quarkus	bouncycastle	Not affected
Red Hat CodeReady Studio 12	bouncycastle	Will not fix
Red Hat Decision Manager 7	bouncycastle	Not affected
Red Hat Developer Tools	rh-eclipse-bouncycastle	Affected
Red Hat Enterprise Linux 9	bouncycastle	Not affected
Red Hat Fuse 7	karaf	Not affected
Red Hat Fuse 7	spring-boot-2	Not affected
Red Hat JBoss Enterprise Application Platform 7	bouncycastle	Not affected
Red Hat OpenShift Application Runtimes	bouncycastle	Affected
Red Hat Process Automation 7	bouncycastle	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-367

https://bugzilla.redhat.com/show_bug.cgi?id=1962879bouncycastle: Timing issue within the EC math library

EPSS

Процентиль: 60%

0.00403

Низкий

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2020-15522

CVSS3: 5.9

ubuntu

больше 4 лет назад

CVE-2020-15522

CVSS3: 5.9

nvd

больше 4 лет назад

CVE-2020-15522

CVSS3: 5.9

debian

больше 4 лет назад

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA bef ...

openSUSE-SU-2021:2163-1

suse-cvrf

больше 4 лет назад

Security update for bouncycastle

openSUSE-SU-2021:0940-1

suse-cvrf

больше 4 лет назад

Security update for bouncycastle

EPSS

Процентиль: 60%

0.00403

Низкий

5.9 Medium

CVSS3