Vulnerabilities: 1 via 9 paths
Dependencies: 110
Source: GitHub
Commit: f98dfa10


medium severity
new

Observable Timing Discrepancy

  • Vulnerable module: org.bouncycastle:bcprov-jdk15to18
  • Introduced through: com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1

Detailed paths

  • Introduced through: laserdisc-io/tamer@laserdisc-io/tamer#f98dfa10bfb66ae9be315ad5e0cdc7990424cc09 > com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-objectstorage-generated@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-common@3.37.1 > org.bouncycastle:bcprov-jdk15to18@1.74
  • Introduced through: laserdisc-io/tamer@laserdisc-io/tamer#f98dfa10bfb66ae9be315ad5e0cdc7990424cc09 > com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-objectstorage-extensions@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-common@3.37.1 > org.bouncycastle:bcprov-jdk15to18@1.74
  • Introduced through: laserdisc-io/tamer@laserdisc-io/tamer#f98dfa10bfb66ae9be315ad5e0cdc7990424cc09 > com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-objectstorage-generated@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-common@3.37.1 > org.bouncycastle:bcpkix-jdk15to18@1.74 > org.bouncycastle:bcprov-jdk15to18@1.74
  • Introduced through: laserdisc-io/tamer@laserdisc-io/tamer#f98dfa10bfb66ae9be315ad5e0cdc7990424cc09 > com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-objectstorage-extensions@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-common@3.37.1 > org.bouncycastle:bcpkix-jdk15to18@1.74 > org.bouncycastle:bcprov-jdk15to18@1.74
  • Introduced through: laserdisc-io/tamer@laserdisc-io/tamer#f98dfa10bfb66ae9be315ad5e0cdc7990424cc09 > com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-objectstorage-extensions@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-objectstorage-generated@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-common@3.37.1 > org.bouncycastle:bcprov-jdk15to18@1.74
  • Introduced through: laserdisc-io/tamer@laserdisc-io/tamer#f98dfa10bfb66ae9be315ad5e0cdc7990424cc09 > com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-objectstorage-generated@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-common@3.37.1 > org.bouncycastle:bcpkix-jdk15to18@1.74 > org.bouncycastle:bcutil-jdk15to18@1.74 > org.bouncycastle:bcprov-jdk15to18@1.74
  • Introduced through: laserdisc-io/tamer@laserdisc-io/tamer#f98dfa10bfb66ae9be315ad5e0cdc7990424cc09 > com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-objectstorage-extensions@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-common@3.37.1 > org.bouncycastle:bcpkix-jdk15to18@1.74 > org.bouncycastle:bcutil-jdk15to18@1.74 > org.bouncycastle:bcprov-jdk15to18@1.74
  • Introduced through: laserdisc-io/tamer@laserdisc-io/tamer#f98dfa10bfb66ae9be315ad5e0cdc7990424cc09 > com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-objectstorage-extensions@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-objectstorage-generated@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-common@3.37.1 > org.bouncycastle:bcpkix-jdk15to18@1.74 > org.bouncycastle:bcprov-jdk15to18@1.74
  • Introduced through: laserdisc-io/tamer@laserdisc-io/tamer#f98dfa10bfb66ae9be315ad5e0cdc7990424cc09 > com.oracle.oci.sdk:oci-java-sdk-objectstorage@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-objectstorage-extensions@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-objectstorage-generated@3.37.1 > com.oracle.oci.sdk:oci-java-sdk-common@3.37.1 > org.bouncycastle:bcpkix-jdk15to18@1.74 > org.bouncycastle:bcutil-jdk15to18@1.74 > org.bouncycastle:bcprov-jdk15to18@1.74

Overview

org.bouncycastle:bcprov-jdk15to18 is a Java implementation of cryptographic algorithms.

Affected versions of this package are vulnerable to Observable Timing Discrepancy via the PKCS#1 v1.5 and OAEP decryption process. An attacker can recover ciphertexts via a side-channel attack by exploiting the Marvin security flaw. The PKCS#1 v1.5 attack vector leaks data via javax.crypto.Cipher exceptions, and the OAEP interface vector leaks via the bit size of the decrypted data.

Remediation

There is no fixed version for org.bouncycastle:bcprov-jdk15to18.
