FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

The Bouncy Castle Crypto APIs -- EC math vulnerability

Affected packages
bouncycastle15 < 1.66
bouncycastle < 1.66

Details

VuXML ID 89d5bca6-0150-11ec-bf0c-080027eedc6a
Discovery 2020-07-04
Entry 2021-08-20

The Bouncy Castle team reports::

Bouncy Castle BC Java before 1.66 has a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.

[source]

References

CVE Name CVE-2020-15522
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15522

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.