Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2020-26939

Good to know:

icon

Date: November 2, 2020

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.

Language: Java

Severity Score

Related Resources (8)

https://github.com/bcgit/bc-java/wiki/CVE-2020-26939
https://github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1
https://security.netapp.com/advisory/ntap-20201202-0005
https://nvd.nist.gov/vuln/detail/CVE-2020-26939
https://lists.debian.org/debian-lts-announce/2020/11/msg00007.html
https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E
https://www.mend.io/vulnerability-database/CVE-2020-26939

Severity Score

Weakness Type (CWE)

Observable Discrepancy

CWE-203

CVSS v3

Base Score:
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH
Additional information:

Do you need more information?

Contact Us