CVE-2024-30171

Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")

Description

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

Severity

Ecosystem

Java

Publish Date

May 14, 2024

Modified Date

October 22, 2024

Score Vector

Affected Versions