Vulnerabilities	4 via 192 paths
Dependencies	61
Source	GitHub
Commit	bb7b45d5

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications

Severity

Critical
High
1
Medium
3
Low

Status

Open
4
Patched
0
Ignored
0

high severity

Infinite loop

Vulnerable module: org.bouncycastle:bcprov-jdk18on
Introduced through: org.apache.activemq:artemis-server@2.33.0 and org.apache.activemq:artemis-jms-server@2.33.0

Detailed paths

Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77

Overview

Affected versions of this package are vulnerable to Infinite loop in ED25519 verification in the ScalarUtil class. An attacker can send a malicious signature and public key to trigger denial of service.

Remediation

Upgrade org.bouncycastle:bcprov-jdk18on to version 1.78 or higher.

References

Infinite loop vulnerability report

medium severity

Observable Discrepancy

Vulnerable module: org.bouncycastle:bcprov-jdk18on
Introduced through: org.apache.activemq:artemis-server@2.33.0 and org.apache.activemq:artemis-jms-server@2.33.0

Detailed paths

Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77

Overview

Affected versions of this package are vulnerable to Observable Discrepancy due to the timing difference between exceptions thrown when processing RSA key exchange handshakes, AKA Marvin.

Note: The implemented fix mitigates the leakage of data via the PKCS#1 interface, but does not fully alleviate the side-channel as it allows cases in which the padding check fails but the handshake succeeds.

Remediation

Upgrade org.bouncycastle:bcprov-jdk18on to version 1.78 or higher.

References

Observable Discrepancy vulnerability report

medium severity

Observable Timing Discrepancy

Vulnerable module: org.bouncycastle:bcprov-jdk18on
Introduced through: org.apache.activemq:artemis-server@2.33.0 and org.apache.activemq:artemis-jms-server@2.33.0

Detailed paths

Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77

Overview

Affected versions of this package are vulnerable to Observable Timing Discrepancy via the PKCS#1 1.5 and OAEP decryption process. An attacker can recover ciphertexts via a side-channel attack by exploiting the Marvin security flaw. The PKCS#1 1.5 attack vector leaks data via javax.crypto.Cipher exceptions and the OAEP interface vector leaks via the bit size of the decrypted data.

Remediation

Upgrade org.bouncycastle:bcprov-jdk18on to version 1.78 or higher.

References

Observable Timing Discrepancy vulnerability report

medium severity

Allocation of Resources Without Limits or Throttling

Vulnerable module: org.bouncycastle:bcprov-jdk18on
Introduced through: org.apache.activemq:artemis-server@2.33.0 and org.apache.activemq:artemis-jms-server@2.33.0

Detailed paths

Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-service-extensions@2.33.0 › org.apache.activemq:artemis-jms-client@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77
Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#bb7b45d571a7eb880f1d65127b1461cad55ad34d › org.apache.activemq:artemis-jms-server@2.33.0 › org.apache.activemq:artemis-server@2.33.0 › org.apache.activemq:artemis-jdbc-store@2.33.0 › org.apache.activemq:artemis-core-client@2.33.0 › de.dentrassi.crypto:pem-keystore@2.3.0 › org.bouncycastle:bcpkix-jdk18on@1.77 › org.bouncycastle:bcutil-jdk18on@1.77 › org.bouncycastle:bcprov-jdk18on@1.77

Overview

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the solveQuadraticEquation() function used for certificate verification in ECCurve.java. Passing a large f2m parameter can cause excessive CPU consumption.

Remediation

Upgrade org.bouncycastle:bcprov-jdk18on to version 1.78 or higher.

References

GitHub Commit

Allocation of Resources Without Limits or Throttling vulnerability report

Vulnerabilities

Dependencies

Source

Commit

Find, fix and prevent vulnerabilities in your code.

high severity

Infinite loop

Detailed paths

Overview

Remediation

References

medium severity

Observable Discrepancy

Detailed paths

Overview

Remediation

References

medium severity

Observable Timing Discrepancy

Detailed paths

Overview

Remediation

References

medium severity

Allocation of Resources Without Limits or Throttling

Detailed paths

Overview

Remediation

References