Fips Java Api
CVE-2020-26939
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1Blast Radius
ecosystem impact- 74 maven packages depend on org.bouncycastle:bc-fips (20 direct, 55 indirect)
- 81 maven packages depend on org.bouncycastle:bcprov-ext-jdk15on (14 direct, 68 indirect)
- 6 maven packages depend on org.bouncycastle:bcprov-jdk14 (5 direct, 1 indirect)
- 2,361 maven packages depend on org.bouncycastle:bcprov-jdk15on (202 direct, 2,164 indirect)
Ecosystem-wide dependent count for version 1.0.2 and other introduced versions.
DescriptionNVD
In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.
AnalysisAI
In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-203. In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption. Affected products include: Bouncycastle Fips Java Api, Bouncycastle Legion-Of-The-Bouncy-Castle. Version information: before 1.61.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Fips Java Api
View allBouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bounc
An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Rated medium severity (CVSS 5.5), t
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key p
Same weakness CWE-203 – Observable Discrepancy
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today