CGA-8642-mc5f-867h

Published

Last updated

https://images.chainguard.dev/security/CGA-8642-mc5f-867h

Package

hadoop-fips-3.3.6

Repository

Chainguard

Latest Update

Fix not planned

Aliases

CVE-2020-15522
GHSA-6xx3-rg99-gc3p

Severity

Unknown

Summary

Timing based private key exposure in Bouncy Castle

Description

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.2.1, BC before 1.66, BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-15522
https://github.com/advisories/GHSA-6xx3-rg99-gc3p
https://github.com/bcgit/bc-csharp/wiki/CVE-2020-15522
https://github.com/bcgit/bc-java/wiki/CVE-2020-15522
https://security.netapp.com/advisory/ntap-20210622-0007
https://www.bouncycastle.org/releasenotes.html

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-8642-mc5f-867h

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources