Bouncycastle

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-13098 1Bouncycastle 1Bc Java May 13, 2026 Dec 13, 2017 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is...Show more BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."Show less
CVE-2016-2427 2Bouncycastle Google 2Android Bc Java May 6, 2026 Apr 18, 2016 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and...Show more The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug 26234568. NOTE: The vendor disputes the existence of this potential issue in Android, stating "This CVE was raised in error: it referred to the authentication tag size in GCM, whose default according to ASN.1 encoding (12 bytes) can lead to vulnerabilities. After careful consideration, it was decided that the insecure default value of 12 bytes was a default only for the encoding and not default anywhere else in Android, and hence no vulnerability existed.Show less
CVE-2015-7940 3Bouncycastle OpensuseOracle 7Application Testing Suite Bouncy Castle Crypto PackageEnterprise Manager Ops Center+4 more May 6, 2026 Nov 9, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman...Show more The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."Show less
CVE-2013-1624 1Bouncycastle 2Bc Java Legion Of The Bouncy Castle C# Cryptography Api Apr 29, 2026 Feb 8, 2013 N/A· v4 N/A· v3 4.0 MEDIUM· v2 The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malform...Show more The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.Show less
CVE-2007-6721 1Bouncycastle 2Bc Java Bouncy Castle Crypto Package Apr 23, 2026 Mar 30, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple...Show more The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."Show less

Previous 12