org.bouncycastle:bc-fips
Maven
10 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.bouncycastle:bc-fips
- CVE-2020-15522 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 1.0.2.1 | 2021-05-20
vulnerable: 1.0.0, 1.0.1, 1.0.2
Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able…
- CVE-2020-26939 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 1.0.2 | 2020-11-02
vulnerable: 1.0.0, 1.0.1
In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.cry…
- CVE-2022-45146 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 1.0.2.4 | 2022-11-21
vulnerable: 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, 1.0.2.3
An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the …
- CVE-2024-29857 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.0.2.5 | 2024-05-14
vulnerable: 1.0.0 ... 1.0.2.4 (6 versions)
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can …
- CVE-2025-12194 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 2.1.2 | 2025-10-24
vulnerable: 2.1.0, 2.1.1
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All (API modules) al…
- CVE-2025-8885 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 2.0.1 | 2025-08-12
vulnerable: 2.0.0
Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BC-FJA bc-fips on All allows Excessive Allocation. This vulnerabil…
- CVE-2025-9092 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 2.1.1 | 2025-08-16
vulnerable: 2.1.0
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 bc-fips (API modules) allows Excessive Allocation. This vulnerability is associated with program files org.Bouncycast…
- CVE-2025-9340 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 2.1.1 | 2025-08-22
vulnerable: 2.1.0
Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bc-fips on All (API modules). This vulnerability is associated with program files org/bouncycastle/jcajce/provider/BaseCipher. This issue affects…
- CVE-2025-9341 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 2.1.1 | 2025-08-22
vulnerable: 2.1.0
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All (API modules) al…
- CVE-2026-8149 | MEDIUM | CVSS 5.1 | EG 5.1 | 2026-05-08
vulnerable: 2.1.0, 2.1.1, 2.1.2
A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X86_64, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-LTS: from 2.73.0 before 2.73.11.