Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-26939

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.

Published

2020-11-02T22:15:13.393

Last Modified

2025-07-17T17:04:58.987

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-203

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	bouncycastle	fips_java_api	< 1.0.1.2	Yes
Application	bouncycastle	legion-of-the-bouncy-castle	< 1.61	Yes

References

https://github.com/bcgit/bc-java/wiki/CVE-2020-26939 Patch, Third Party Advisory ([email protected])
https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E ([email protected])
https://github.com/bcgit/bc-java/wiki/CVE-2020-26939 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)