mirrored from https://www.bouncycastle.org/repositories/bc-java
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
CVE 2020 26939
dghgit edited this page Nov 2, 2020
·
5 revisions
Issue affecting: BC-FJA 1.0.0, BC-FJA 1.0.1, BC 1.54 or earlier.
Fixed versions: BC-FJA 1.0.1.2, BC-FJA 1.0.2 and later, BC 1.55 or later
Issue: CWE-203: Observable Differences in Behavior to Error Inputs
Sending an invalid cipher text which decrypted to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.
See commit https://github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1 for the changes.