Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tMjZwLW01NTktZzVqNc2uOw
Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."
Permalink: https://github.com/advisories/GHSA-m26p-m559-g5j5JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tMjZwLW01NTktZzVqNc2uOw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: 2 months ago
Identifiers: GHSA-m26p-m559-g5j5, CVE-2007-6721
References:
- https://nvd.nist.gov/vuln/detail/CVE-2007-6721
- http://www.bouncycastle.org/devmailarchive/msg08195.html
- https://web.archive.org/web/20071022023551/http://www.bouncycastle.org/csharp/
- https://web.archive.org/web/20080316202318/http://www.bouncycastle.org:80/releasenotes.html
- https://github.com/advisories/GHSA-m26p-m559-g5j5
Affected Packages
maven:bouncycastle:bcprov-jdk16
Versions: < 1.38Fixed in: 1.38
maven:bouncycastle:bcprov-jdk15
Versions: < 1.38Fixed in: 1.38
maven:bouncycastle:bcprov-jdk14
Versions: < 1.38Fixed in: 1.38