← Back to CVEs
CVE-2020-15522
MEDIUM5.9
Description
Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.
CVE Details
CVSS v3.1 Score5.9
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published5/20/2021
Last Modified7/17/2025
Sourcenvd
Honeypot Sightings0
Affected Products
bouncycastle:bc-csharpbouncycastle:bouncy_castle_fips_.net_apibouncycastle:fips_java_apibouncycastle:the_bouncy_castle_crypto_package_for_java
Weaknesses (CWE)
CWE-362
References
https://github.com/bcgit/bc-csharp/wiki/CVE-2020-15522(cve@mitre.org)
https://github.com/bcgit/bc-java/wiki/CVE-2020-15522(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20210622-0007/(cve@mitre.org)
https://www.bouncycastle.org/releasenotes.html(cve@mitre.org)
https://github.com/bcgit/bc-csharp/wiki/CVE-2020-15522(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/bcgit/bc-java/wiki/CVE-2020-15522(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210622-0007/(af854a3a-2127-422b-91ae-364da2661108)
https://www.bouncycastle.org/releasenotes.html(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.