Описание
Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bc-fips on All (API modules). This vulnerability is associated with program files org/bouncycastle/jcajce/provider/BaseCipher. This issue affects Bouncy Castle for Java: from BC-FJA 2.1.0 through 2.1.0.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Application Platform 8 | bc-fips | Not affected | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | bc-fips | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2390279org.bouncycastle/bc-fips: native encrypt/decrypt operations in JCE may corrupt data if same byte array used for input and output.
EPSS
Процентиль: 4%
0.0002
Низкий
5.9 Medium
CVSS3
Связанные уязвимости
nvd
26 дней назад
Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bc-fips on All (API modules). This vulnerability is associated with program files org/bouncycastle/jcajce/provider/BaseCipher. This issue affects Bouncy Castle for Java: from BC-FJA 2.1.0 through 2.1.0.
EPSS
Процентиль: 4%
0.0002
Низкий
5.9 Medium
CVSS3