← Volver a CVEs
CVE-2020-15522
MEDIUM5.9
Descripcion
Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.
Detalles CVE
Puntuacion CVSS v3.15.9
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado5/20/2021
Ultima modificacion7/17/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
bouncycastle:bc-csharpbouncycastle:bouncy_castle_fips_.net_apibouncycastle:fips_java_apibouncycastle:the_bouncy_castle_crypto_package_for_java
Debilidades (CWE)
CWE-362
Referencias
https://github.com/bcgit/bc-csharp/wiki/CVE-2020-15522(cve@mitre.org)
https://github.com/bcgit/bc-java/wiki/CVE-2020-15522(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20210622-0007/(cve@mitre.org)
https://www.bouncycastle.org/releasenotes.html(cve@mitre.org)
https://github.com/bcgit/bc-csharp/wiki/CVE-2020-15522(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/bcgit/bc-java/wiki/CVE-2020-15522(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210622-0007/(af854a3a-2127-422b-91ae-364da2661108)
https://www.bouncycastle.org/releasenotes.html(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.