Find, fix and prevent vulnerabilities in your code.
medium severity
new
- Vulnerable module: org.bouncycastle:bcprov-jdk15to18
- Introduced through: com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1
Detailed paths
-
Introduced through: laserdisc-io/tamer@laserdisc-io/tamer#f98dfa10bfb66ae9be315ad5e0cdc7990424cc09 › com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-objectstorage-generated@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-common@3.37.1 › org.bouncycastle:bcprov-jdk15to18@1.74
-
Introduced through: laserdisc-io/tamer@laserdisc-io/tamer#f98dfa10bfb66ae9be315ad5e0cdc7990424cc09 › com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-objectstorage-extensions@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-common@3.37.1 › org.bouncycastle:bcprov-jdk15to18@1.74
-
Introduced through: laserdisc-io/tamer@laserdisc-io/tamer#f98dfa10bfb66ae9be315ad5e0cdc7990424cc09 › com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-objectstorage-generated@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-common@3.37.1 › org.bouncycastle:bcpkix-jdk15to18@1.74 › org.bouncycastle:bcprov-jdk15to18@1.74
-
Introduced through: laserdisc-io/tamer@laserdisc-io/tamer#f98dfa10bfb66ae9be315ad5e0cdc7990424cc09 › com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-objectstorage-extensions@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-common@3.37.1 › org.bouncycastle:bcpkix-jdk15to18@1.74 › org.bouncycastle:bcprov-jdk15to18@1.74
-
Introduced through: laserdisc-io/tamer@laserdisc-io/tamer#f98dfa10bfb66ae9be315ad5e0cdc7990424cc09 › com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-objectstorage-extensions@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-objectstorage-generated@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-common@3.37.1 › org.bouncycastle:bcprov-jdk15to18@1.74
-
Introduced through: laserdisc-io/tamer@laserdisc-io/tamer#f98dfa10bfb66ae9be315ad5e0cdc7990424cc09 › com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-objectstorage-generated@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-common@3.37.1 › org.bouncycastle:bcpkix-jdk15to18@1.74 › org.bouncycastle:bcutil-jdk15to18@1.74 › org.bouncycastle:bcprov-jdk15to18@1.74
-
Introduced through: laserdisc-io/tamer@laserdisc-io/tamer#f98dfa10bfb66ae9be315ad5e0cdc7990424cc09 › com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-objectstorage-extensions@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-common@3.37.1 › org.bouncycastle:bcpkix-jdk15to18@1.74 › org.bouncycastle:bcutil-jdk15to18@1.74 › org.bouncycastle:bcprov-jdk15to18@1.74
-
Introduced through: laserdisc-io/tamer@laserdisc-io/tamer#f98dfa10bfb66ae9be315ad5e0cdc7990424cc09 › com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-objectstorage-extensions@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-objectstorage-generated@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-common@3.37.1 › org.bouncycastle:bcpkix-jdk15to18@1.74 › org.bouncycastle:bcprov-jdk15to18@1.74
-
Introduced through: laserdisc-io/tamer@laserdisc-io/tamer#f98dfa10bfb66ae9be315ad5e0cdc7990424cc09 › com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-objectstorage-extensions@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-objectstorage-generated@3.37.1 › com.oracle.oci.sdk:oci-java-sdk-common@3.37.1 › org.bouncycastle:bcpkix-jdk15to18@1.74 › org.bouncycastle:bcutil-jdk15to18@1.74 › org.bouncycastle:bcprov-jdk15to18@1.74
Overview
org.bouncycastle:bcprov-jdk15to18 is a Java implementation of cryptographic algorithms.
Affected versions of this package are vulnerable to Observable Timing Discrepancy via the PKCS#1 1.5 and OAEP decryption process. An attacker can recover ciphertexts via a side-channel attack by exploiting the Marvin security flaw. The PKCS#1 1.5 attack vector leaks data via javax.crypto.Cipher
exceptions and the OAEP interface vector leaks via the bit size of the decrypted data.
Remediation
There is no fixed version for org.bouncycastle:bcprov-jdk15to18
.