GHSA-p93r-85wp-75v3

Suggest an improvement
Source
https://github.com/advisories/GHSA-p93r-85wp-75v3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-p93r-85wp-75v3/GHSA-p93r-85wp-75v3.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-p93r-85wp-75v3
Aliases
  • CVE-2026-5598
Downstream
Related
Published
2026-04-17T18:31:50Z
Modified
2026-06-19T15:30:13.528521924Z
Severity
  • 8.9 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/S:P/AU:Y/U:Red CVSS Calculator
Summary
Bouncy Castle Has Covert Timing Channel Vulnerability
Details

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java.

This issue only affects users of the FrodoKEM algorithm involved in the decryption of encapsulations.

This issue affects BC-JAVA: from 1.71 to 1.80.1, 1.81, 1.82 to 1.83.

Fixed versions: 1.80.2, 1.81.1, 1.84

Database specific
{
    "github_reviewed_at": "2026-04-25T23:25:24Z",
    "nvd_published_at": "2026-04-15T10:16:49Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-385"
    ],
    "severity": "HIGH"
}
References

Affected packages

Maven / org.bouncycastle:bcprov-jdk15to18

Package

Name
org.bouncycastle:bcprov-jdk15to18
View open source insights on deps.dev
Purl
pkg:maven/org.bouncycastle/bcprov-jdk15to18

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.71
Fixed
1.80.2

Affected versions

1.*
1.71
1.72
1.73
1.74
1.75
1.76
1.77
1.78
1.78.1
1.79
1.80

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-p93r-85wp-75v3/GHSA-p93r-85wp-75v3.json"

Maven / org.bouncycastle:bcprov-jdk14

Package

Name
org.bouncycastle:bcprov-jdk14
View open source insights on deps.dev
Purl
pkg:maven/org.bouncycastle/bcprov-jdk14

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.81
Fixed
1.81.1

Affected versions

1.*
1.81

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-p93r-85wp-75v3/GHSA-p93r-85wp-75v3.json"

Maven / org.bouncycastle:bcprov-jdk18on

Package

Name
org.bouncycastle:bcprov-jdk18on
View open source insights on deps.dev
Purl
pkg:maven/org.bouncycastle/bcprov-jdk18on

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.82
Fixed
1.84

Affected versions

1.*
1.82
1.83

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-p93r-85wp-75v3/GHSA-p93r-85wp-75v3.json"