CVE-2020-15522

Description

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.

Risk Information

Base Score: 5.9 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 0.57

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2020-15522 are fixed in BouncyCastle-bc-fips 1.0.2.1 | Windows
Vulnerabilities CVE-2020-15522 are fixed in BouncyCastle-bcprov-jdk15on 1.66 | Windows
Vulnerabilities CVE-2020-15522 are fixed in BouncyCastle-bcprov-jdk15to18 1.66 | Windows
Vulnerabilities CVE-2020-15522 are fixed in BouncyCastle-bcprov-ext-jdk15on 1.66 | Windows
Vulnerabilities CVE-2020-15522 are fixed in BouncyCastle-bcprov-ext-jdk16 1.66 | Windows
Vulnerabilities CVE-2020-15522 are fixed in BouncyCastle-bcprov-jdk16 1.66 | Windows
Vulnerabilities CVE-2020-15522 are fixed in BouncyCastle - bcprov-jdk14 1.66 | Windows
Vulnerabilities CVE-2020-15522 are fixed in Nuget - BouncyCastle 1.8.7 | Windows
Vulnerabilities CVE-2020-15522 are fixed in BouncyCastle - bcprov-jdk15 1.66 | Windows
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-default-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-default-debugsource-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-default-devel-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-default-devel-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Development Tools Module 15-SP4) kernel-obs-build-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Development Tools Module 15-SP4) kernel-obs-build-debugsource-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Development Tools Module 15-SP4) kernel-syms-5.14.21-150400.24.49.4.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Legacy Module 15-SP4) reiserfs-kmp-default-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Legacy Module 15-SP4) reiserfs-kmp-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-devel-5.14.21-150400.24.49.4.noarch.rpm | Linux
SUSE-SU-2023:0796-1 (Development Tools Module 15-SP4) kernel-docs-5.14.21-150400.24.49.4.noarch.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-macros-5.14.21-150400.24.49.4.noarch.rpm | Linux
SUSE-SU-2023:0796-1 (Development Tools Module 15-SP4) kernel-source-5.14.21-150400.24.49.4.noarch.rpm | Linux
SUSE-SU-2021:2163-1 (SUSE Linux Enterprise Module for Development Tools 15-SP3) bouncycastle-1.64-3.3.1.noarch.rpm | Linux
SUSE-SU-2021:2163-1 (SUSE Linux Enterprise Module for Development Tools 15-SP3) bouncycastle-pg-1.64-3.3.1.noarch.rpm | Linux
Vulnerabilities CVE-2020-15522 are fixed in BouncyCastle-bc-fips for Linux 1.0.2.1 | Linux
Vulnerabilities CVE-2020-15522 are fixed in BouncyCastle-bcprov-jdk15on for Linux 1.66 | Linux
Vulnerabilities CVE-2020-15522 are fixed in BouncyCastle-bcprov-jdk15to18 for Linux 1.66 | Linux
Vulnerabilities CVE-2020-15522 are fixed in BouncyCastle-bcprov-ext-jdk15on for Linux 1.66 | Linux
Vulnerabilities CVE-2020-15522 are fixed in BouncyCastle-bcprov-ext-jdk16 for Linux 1.66 | Linux
Vulnerabilities CVE-2020-15522 are fixed in BouncyCastle-bcprov-jdk16 for Linux 1.66 | Linux
Vulnerabilities CVE-2020-15522 are fixed in BouncyCastle - bcprov-jdk14 for Linux 1.66 | Linux
Vulnerabilities CVE-2020-15522 are fixed in Nuget - BouncyCastle for Linux 1.8.7 | Linux
Vulnerabilities CVE-2020-15522 are fixed in BouncyCastle - bcprov-jdk15 for Linux 1.66 | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234