pkg:Debian/bouncycastle

45 total CVEsCRITICAL1HIGH10MEDIUM16LOW4

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2018-1000613Deserialization of Untrusted Data in Bouncy castle
    from 0, < 1.60-1
  • HIGH8.1CVE-2020-28052Logic error in Legion of the Bouncy Castle BC Java
    from 0, < 1.65-2
  • HIGH7.5CVE-2016-1000343In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values
    from 0, < 1.56-1
  • HIGH7.5CVE-2016-1000342In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification
    from 0, < 1.56-1
  • HIGH7.5CVE-2016-1000340The Bouncy Castle JCE Provider carry a propagation bug
    from 0, < 1.56-1
  • HIGH7.5CVE-2016-1000338In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
    from 0, < 1.49+dfsg-3+deb8u3
  • HIGH7.5CVE-2016-1000338In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
    from 0, < 1.56-1
  • HIGH7.5CVE-2018-1000180bouncycastle - security update
    from 0, < 1.59-2
  • HIGH7.5CVE-2018-1000180bouncycastle - security update
    from 0, < 1.56-1+deb9u2
  • HIGH7.4CVE-2016-1000344In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode
    from 0, < 1.56-1
  • HIGH7.4CVE-2016-1000352In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode
    from 0, < 1.56-1
  • MEDIUM5.9CVE-2024-30171Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
    from 0
  • MEDIUM5.9CVE-2024-34447Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
    from 0
  • MEDIUM5.9CVE-2017-13098bouncycastle - security update
    from 0, < 1.56-1+deb9u1
  • MEDIUM5.9CVE-2017-13098bouncycastle - security update
    from 0, < 1.58-1
  • MEDIUM5.9CVE-2016-1000345Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
    from 0, < 1.56-1
  • MEDIUM5.9CVE-2016-1000341Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
    from 0, < 1.56-1
  • MEDIUM5.5CVE-2023-33202Bouncy Castle Denial of Service (DoS)
    from 0
  • MEDIUM5.3CVE-2024-30172Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
    from 0
  • MEDIUM5.3CVE-2024-29857Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
    from 0
  • MEDIUM5.3CVE-2023-33201bouncycastle - security update
    from 0, < 1.60-1+deb10u1
  • MEDIUM5.3CVE-2023-33201bouncycastle - security update
    from 0
  • MEDIUM5.3CVE-2020-26939Observable Differences in Behavior to Error Inputs in Bouncy Castle
    from 0, < 1.61-1
  • MEDIUM5.3CVE-2020-26939Observable Differences in Behavior to Error Inputs in Bouncy Castle
    from 0, < 1.56-1+deb9u3
  • MEDIUM5.3CVE-2016-1000339Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
    from 0, < 1.56-1
  • MEDIUM5.1CVE-2020-15522Timing based private key exposure in Bouncy Castle
    from 0, < 1.68-1
  • MEDIUM4.4CVE-2018-5382Improper Validation of Integrity Check Value in Bouncy Castle
    from 0, < 1.48+dfsg-2
  • LOW3.7CVE-2016-1000346In Bouncy Castle JCE Provider the other party DH public key is not fully validated
    from 0, < 1.56-1
  • LOW3.3CVE-2015-6644bouncycastle - security update
    from 0, < 1.49+dfsg-3+deb8u2
  • LOW3.3CVE-2015-6644bouncycastle - security update
    from 0, < 1.54-1
  • LOW3.3CVE-2015-6644bouncycastle - security update
    from 0, < 1.44+dfsg-3.1+deb7u2
  • CVE-2026-3505Bouncy Castle Uncontrolled Resource Consumption vulnerability
    from 0
  • CVE-2026-0636Bouncy Castle has an LDAP injection
    from 0
  • CVE-2026-5598Bouncy Castle Has Covert Timing Channel Vulnerability
    from 0
  • CVE-2026-5588Bouncy Castle Crypto Package For Java: Use of a Broken or Risky Cryptographic Algorithm vulnerability in bcpkix modules
    from 0
  • CVE-2025-12194Bouncy Castle Vulnerable to Uncontrolled Resource Consumption
    from 0
  • CVE-2025-8916Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation
    from 0
  • CVE-2025-8885Bouncy Castle for Java on All (API modules) allows Excessive Allocation
    from 0
  • CVE-2013-1624Improper Input Validation in Bouncy Castle
    from 0, < 1.48+dfsg-2
  • CVE-2007-6721Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability
    from 0, < 1.38-1
  • CVE-2015-7940Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
    from 0, < 1.51-1
  • CVE-2015-7940Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
    from 0, < 1.44+dfsg-2+deb6u1
  • CVE-2015-7940Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
    from 0, < 1.44+dfsg-3.1+deb7u1
  • CVE-2013-0169polarssl - several
    from 0, < 1.48+dfsg-2
  • CVE-2011-3389curl - several
    from 0, < 1.49+dfsg-1