Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Address CVE-2020-15522

Description

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.

Acceptance / Success Criteria

None

Activity

Show:

Christian Pape June 18, 2024 at 11:00 AM

Merged.

Christian Pape June 11, 2024 at 7:00 AM

Christian Pape June 7, 2024 at 6:58 AM

Wow! A power of two. It will be a while before we have the next one.

Benjamin Reed March 25, 2024 at 2:36 PM

This will most likely be resolved by the work being done in , leaving open until that is complete so I can confirm old bouncycastle jars no longer get shipped.

Fixed

Details

Assignee

Reporter

HB Grooming Date

HB Backlog Status

Sprint

Fix versions

Affects versions

Priority

Parent

PagerDuty

Created March 19, 2024 at 11:12 AM
Updated July 8, 2024 at 4:41 PM
Resolved June 18, 2024 at 11:00 AM