Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tMjZwLW01NTktZzVqNc2uOw
Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."
Permalink: https://github.com/advisories/GHSA-m26p-m559-g5j5JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tMjZwLW01NTktZzVqNc2uOw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 8 months ago
Identifiers: GHSA-m26p-m559-g5j5, CVE-2007-6721
References:
- https://nvd.nist.gov/vuln/detail/CVE-2007-6721
- http://www.bouncycastle.org/devmailarchive/msg08195.html
- https://web.archive.org/web/20071022023551/http://www.bouncycastle.org/csharp/
- https://web.archive.org/web/20080316202318/http://www.bouncycastle.org:80/releasenotes.html
- https://github.com/advisories/GHSA-m26p-m559-g5j5
Affected Packages
maven:bouncycastle:bcprov-jdk16
Dependent packages: 44Dependent repositories: 288
Downloads:
Affected Version Ranges: < 1.38
Fixed in: 1.38
All affected versions:
All unaffected versions:
maven:bouncycastle:bcprov-jdk15
Dependent packages: 145Dependent repositories: 875
Downloads:
Affected Version Ranges: < 1.38
Fixed in: 1.38
All affected versions:
All unaffected versions:
maven:bouncycastle:bcprov-jdk14
Dependent packages: 42Dependent repositories: 162
Downloads:
Affected Version Ranges: < 1.38
Fixed in: 1.38
All affected versions:
All unaffected versions: