FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

The Bouncy Castle Crypto APIs -- EC math vulnerability

Affected packages
bouncycastle15 < 1.66
bouncycastle < 1.66


VuXML ID 89d5bca6-0150-11ec-bf0c-080027eedc6a
Discovery 2020-07-04
Entry 2021-08-20

The Bouncy Castle team reports::

Bouncy Castle BC Java before 1.66 has a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.


CVE Name CVE-2020-15522