CVE-2020-15522

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-15522

Severity

5.9

Medium

CVSS V3

Description

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.

References

https://images.chainguard.dev/security/CGA-3544-c7xc-jx43
https://github.com/advisories/GHSA-6xx3-rg99-gc3p
https://images.chainguard.dev/security/CGA-p736-f9r6-77r7
https://images.chainguard.dev/security/CGA-8642-mc5f-867h
https://github.com/bcgit/bc-csharp/wiki/CVE-2020-15522
https://github.com/bcgit/bc-java/wiki/CVE-2020-15522
https://security.netapp.com/advisory/ntap-20210622-0007/
https://www.bouncycastle.org/releasenotes.html

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2020-15522

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company