CVE-2020-26939 - In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, - CVEs Blog

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26939

Reference (s):

https://github.com/bcgit/bc-java/wiki/CVE-2020-26939
MLIST:[solr-issues] 20210525 [jira] [Created] (SOLR-15431) Security vulnerability with Bouncy Castle library within Apache Solr 8.8.2
URL: https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E

CVE-2020-26939 – In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2,

Something Fresh

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2020-27216 - In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 1

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

What People Reading

CVE-2015-0320 - Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and

CVE-2015-0353 - Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2020-27207 - Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlci

CVE-2020-26408 - A limited information disclosure vulnerability exists in Gitlab CE/EE fro

Categories

Partners

Just add here your partners image or promo text