GHSA-m26p-m559-g5j5

Source
https://github.com/advisories/GHSA-m26p-m559-g5j5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m26p-m559-g5j5/GHSA-m26p-m559-g5j5.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m26p-m559-g5j5
Aliases
Published
2022-05-01T18:45:52Z
Modified
2023-11-08T03:56:49.596672Z
Summary
Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability
Details

The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."

Database specific
{
    "nvd_published_at": "2009-03-30T01:30:00Z",
    "cwe_ids": [
        "CWE-203"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-21T22:46:17Z"
}
References

Affected packages

Maven / bouncycastle:bcprov-jdk14

Package

Name
bouncycastle:bcprov-jdk14
Purl
pkg:maven/bouncycastle/bcprov-jdk14

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.38

Maven / bouncycastle:bcprov-jdk15

Package

Name
bouncycastle:bcprov-jdk15
Purl
pkg:maven/bouncycastle/bcprov-jdk15

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.38

Maven / bouncycastle:bcprov-jdk16

Package

Name
bouncycastle:bcprov-jdk16
Purl
pkg:maven/bouncycastle/bcprov-jdk16

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.38