PT-2024-23223 · Bouncy Castle+4 · Bouncy Castle Java Tls Api/Jsse Provider+4

David Hook

·

Published

2024-05-07

·

Updated

2026-04-01

·

CVE-2024-30171

CVSS v3.1

5.9

Medium

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Bouncy Castle Java TLS API and JSSE Provider versions prior to 1.78
Description An issue may cause timing-based leakage in RSA based handshakes due to exception processing.
Recommendations For versions prior to 1.78, update to version 1.78 or later to resolve the issue.

Exploit

Fix

Side Channel Attack

Weakness Enumeration

CWE-203

Related Identifiers

BDU:2025-14523
CLEANSTART-2026-IA43044
CVE-2024-30171
GHSA-V435-XC8X-WVR9
OPENSUSE-SU-2024:13914-1
OPENSUSE-SU-2024_1539-1
OPENSUSE-SU-2024_1539-2
RHSA-2024:5143
RHSA-2024:5144
RHSA-2024:5145
RHSA-2024:5479
RHSA-2024:5481
SUSE-SU-2024:1539-1
SUSE-SU-2024:1539-2
SUSE-SU-2024_1539-1
SUSE-SU-2024_1539-2
USN-8108-1

Affected Products

Bouncy Castle Java Tls Api/Jsse Provider
Debian
Linuxmint
Suse
Ubuntu