CVE-2020-15522 — Race Condition in Bouncy Castle Fips NET API

CWE-362 — Race Condition CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition CWE-203 — Observable Discrepancy7 documents6 sources

Severity

5.9MEDIUMNVD

EPSS

0.6%

top 31.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bouncycastle Bc-csharp Bouncycastle Bouncy Castle Fips NET API Bouncycastle Fips Java API +1 more

Timeline

PublishedMay 20

Latest updateAug 13

Description

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶NVDbouncycastle/fips_java_api1.0.2 — 1.0.2.1+1

▶NVDbouncycastle/bc-csharp< 1.8.7

▶NVDbouncycastle/bouncy_castle_fips_net_api< 1.0.1.1

▶NVDbouncycastle/the_bouncy_castle_crypto_package< 1.66

🔴Vulnerability Details

OSV

Timing based private key exposure in Bouncy Castle↗2021-08-13

▶

GHSA

Timing based private key exposure in Bouncy Castle↗2021-08-13

▶

OSV

CVE-2020-15522: Bouncy Castle BC Java before 1↗2021-05-20

▶

CVEList

CVE-2020-15522: Bouncy Castle BC Java before 1↗2021-05-20

▶

📋Vendor Advisories

Red Hat

bouncycastle: Timing issue within the EC math library↗2021-05-20

▶

Debian

CVE-2020-15522: bouncycastle - Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1....↗2020

▶