VDB

DEBIAN-CVE-2020-15522

DEBIAN-CVE-2020-15522 PUBLISHED CVSS 5.900000095367432 MEDIUM

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.

Risk Scores

CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Debian:12bouncycastle0, 0, 0
Debian:14bouncycastle0, 0, 0
Debian:11bouncycastle0, 0, 0
Debian:13bouncycastle0, 0, 0

Timeline

  • May 20, 2021 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›