CVE-2007-6721

EPSS 0.86%

Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability

Published: 5/1/2022Modified: 11/8/2023

Also known as:GHSA-m26p-m559-g5j5DEBIAN-CVE-2007-6721

Description

The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."

Affected packages (4)

Debian/bouncycastlefrom 0, < 1.38-1
Maven/bouncycastle:bcprov-jdk14from 0, < 1.38
Maven/bouncycastle:bcprov-jdk15from 0, < 1.38
Maven/bouncycastle:bcprov-jdk16from 0, < 1.38

References (6)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2007-6721
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-6721
PATCHhttps://github.com/bcgit/bc-java
WEBhttps://web.archive.org/web/20071022023551/http://www.bouncycastle.org/csharp
WEBhttps://web.archive.org/web/20080316202318/http://www.bouncycastle.org:80/releasenotes.html
WEBhttp://www.bouncycastle.org/devmailarchive/msg08195.html