Peter Dettman

3 exploits Active since Dec 2017
CVE-2026-5598 WRITEUP CRITICAL WRITEUP
Non-constant time comparisons risk private key leakage in FrodoKEM.
Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.84.
CVE-2026-5598 WRITEUP CRITICAL WRITEUP
Non-constant time comparisons risk private key leakage in FrodoKEM.
Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.84.
CVE-2017-13098 WRITEUP HIGH WRITEUP
Bouncycastle Bc-java < 1.59 - Information Disclosure
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."
CVSS 7.5