PT-2013-3285 · Bouncy Castle · Bouncy Castle C# Library+1

Publicado

2013-02-08

Atualizado

2025-05-12

CVE-2013-1624

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:H/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Bouncy Castle Java library versions prior to 1.48 Bouncy Castle C# library versions prior to 1.8

Description The issue concerns the TLS implementation in the Bouncy Castle libraries, which does not properly handle timing side-channel attacks during the processing of malformed CBC padding. This allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets.

Recommendations For Bouncy Castle Java library versions prior to 1.48, update to version 1.48 or later. For Bouncy Castle C# library versions prior to 1.8, update to version 1.8 or later.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-310

Identificadores relacionados

CVE-2013-1624

GHSA-8353-FGCR-XFHX

Produtos afetados

Bouncy Castle C# Library

Bouncy Castle Java Library

PT-2013-3285 · Bouncy Castle · Bouncy Castle C# Library+1

CVE-2013-1624

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 15