CVE-2020-15522

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bouncycastle:bc-csharp:*:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy_castle_fips_.net_api:*:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-fips-java-api:*:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-fips-java-api:*:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-05-20 12:15

Updated : 2024-02-28 18:28


NVD link : CVE-2020-15522

Mitre link : CVE-2020-15522

CVE.ORG link : CVE-2020-15522


JSON object : View

Products Affected

bouncycastle

  • bc-csharp
  • the_bouncy_castle_crypto_package_for_java
  • bouncy_castle_fips_.net_api
  • legion-of-the-bouncy-castle-fips-java-api
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')