CVE-2024-30171
MEDIUMBouncy Castle Java TLS API & JSSE Provider <1.78 - Info Disclosure
Title source: llmDescription
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
References (4)
Core 4
Core References
Various Sources
https://www.bouncycastle.org/latest_releases.html
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240614-0008/
Third Party Advisory
https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171
Third Party Advisory
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171
Scores
CVSS v3
5.9
EPSS
0.0090
EPSS Percentile
54.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-203
Status
published
Products (10)
nuget/BouncyCastle
0NuGet
nuget/BouncyCastle.Cryptography
0 - 2.3.1NuGet
org.bouncycastle/bcprov-jdk14
0 - 1.78Maven
org.bouncycastle/bcprov-jdk15on
0 - 1.78Maven
org.bouncycastle/bcprov-jdk15to18
0 - 1.78Maven
org.bouncycastle/bcprov-jdk18on
0 - 1.78Maven
org.bouncycastle/bctls-fips
0 - 1.0.19Maven
org.bouncycastle/bctls-jdk14
0 - 1.78Maven
org.bouncycastle/bctls-jdk15to18
0 - 1.78Maven
org.bouncycastle/bctls-jdk18on
0 - 1.78Maven
Published
May 14, 2024
Tracked Since
Feb 18, 2026