mirrored from https://www.bouncycastle.org/repositories/bc-java
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
CVE‐2024‐30171
David Hook edited this page May 11, 2024
·
4 revisions
Issue affecting: BC TLS Java 1.0.18 and earlier. BC C# .NET 2.3.0 and earlier.
Fixed versions: BC TLS Java 1.0.18. BC C# .NET 2.3.1
Platform affected: All JVMs. All CLRs.
Possible timing side-channel for RSA key exchange ("The Marvin Attack").
Fix Commits:
Java:
- https://github.com/bcgit/bc-java/commit/d7d5e735abd64bf0f413f54fd9e495fc02400fb0
- https://github.com/bcgit/bc-java/commit/e0569dcb1dea9d421d84fc4c5c5688fe101afa2d
C# .NET