MEDIUM · CVSS 5.9
CVE-2024-30171 — Bouncy Castle timing side-channel
A timing side-channel in Bouncy Castle's RSA PKCS#1 v1.5 decryption could allow an attacker who can repeatedly submit ciphertexts to a decrypting endpoint and time its responses to use it as a padding oracle and recover the plaintext of captured ciphertexts, such as exchanged key material.
Affects
- Bouncy Castle Java < 1.78
What an attacker does
Applications that use Bouncy Castle for RSA decryption with PKCS#1 v1.5 padding leak a timing signal that depends on whether the padding check succeeded. An attacker who can send chosen ciphertexts to the decrypting endpoint and measure response times can use that signal as a padding oracle and mount a Bleichenbacher-style adaptive chosen-ciphertext attack, which needs a large number of queries but no access to the private key.
How to detect
Check the Java dependency graph for org.bouncycastle artifacts (bcprov-jdk18on, bcprov-jdk15to18, or the older bcprov-jdk15on) at any version below 1.78, including ones pulled in transitively by other libraries; the build tool's dependency tree (Maven's dependency:tree goal, Gradle's dependencies task) lists them. Jars shaded into fat builds do not appear in that graph, so inspect the deployed artifacts as well, and search the code base for RSA ciphers created with PKCS1Padding to find the call sites that actually exercise the vulnerable path.
How to fix
Upgrade Bouncy Castle to 1.78 or later, which removes the timing leak from the PKCS#1 v1.5 path. Where the protocol allows it, switch RSA encryption to RSAES-OAEP, which has no padding-validity oracle for a Bleichenbacher-style attack to exploit; this removes the attack class rather than relying on one implementation getting constant-time behaviour right. For TLS, prefer (EC)DHE key exchange over RSA key transport so the server's RSA key is never used for decryption at all.
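The following is an added example, not code from the advisory or from the Bouncy Castle project, covering both the "How to detect" and "How to fix" sections. It complements the dependency-graph check with a runtime check of the BC provider actually loaded into the JVM, and shows the PKCS#1 v1.5 decryption pattern to migrate away from next to its RSAES-OAEP replacement. It assumes a bcprov jar is on the classpath and Java 9 or later (for Provider.getVersionStr()); the class name BcRsaPaddingCheck and the 32-byte sample plaintext are constructed for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

// Hypothetical class name for this added example.
public class BcRsaPaddingCheck {

    /** First Bouncy Castle release carrying the CVE-2024-30171 fix. */
    static final int FIXED_MAJOR = 1, FIXED_MINOR = 78;

    /** Registers the BC provider if needed and returns the version string it reports (Java 9+). */
    static String loadedBcVersion() {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        return Security.getProvider("BC").getVersionStr();
    }

    /** True if a BC version such as "1.77" or "1.78.1" is below 1.78. Unparseable input is treated as vulnerable. */
    static boolean isOlderThanFixed(String versionStr) {
        Matcher m = Pattern.compile("^(\\d+)\\.(\\d+)").matcher(versionStr.trim());
        if (!m.find()) {
            return true;
        }
        int major = Integer.parseInt(m.group(1));
        int minor = Integer.parseInt(m.group(2));
        return major < FIXED_MAJOR || (major == FIXED_MAJOR && minor < FIXED_MINOR);
    }

    /** The pattern to migrate away from: PKCS#1 v1.5 decryption, whose padding check is the timing oracle. */
    static byte[] pkcs1v15Decrypt(PrivateKey key, byte[] ciphertext) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
        c.init(Cipher.DECRYPT_MODE, key);
        return c.doFinal(ciphertext);
    }

    /** OAEP parameters pinned explicitly (SHA-256 for the label hash and MGF1) so both sides agree. */
    static final OAEPParameterSpec OAEP_SHA256 =
            new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    static byte[] oaepEncrypt(PublicKey key, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding", "BC");
        c.init(Cipher.ENCRYPT_MODE, key, OAEP_SHA256);
        return c.doFinal(plaintext);
    }

    /** The hardened form: RSAES-OAEP has no padding-validity oracle for a Bleichenbacher-style attack to exploit. */
    static byte[] oaepDecrypt(PrivateKey key, byte[] ciphertext) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding", "BC");
        c.init(Cipher.DECRYPT_MODE, key, OAEP_SHA256);
        return c.doFinal(ciphertext);
    }

    public static void main(String[] args) throws Exception {
        String version = loadedBcVersion();
        System.out.println("Loaded BC " + version + (isOlderThanFixed(version)
                ? ": VULNERABLE to CVE-2024-30171, upgrade to 1.78+"
                : ": at or above 1.78"));

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Constructed sample input standing in for a 32-byte session key. OAEP with SHA-256 on a
        // 2048-bit modulus accepts at most 256 - 2*32 - 2 = 190 bytes of plaintext.
        byte[] sessionKey = "constructed-32-byte-sample-key!!".getBytes(StandardCharsets.UTF_8);
        byte[] ct = oaepEncrypt(kp.getPublic(), sessionKey);
        byte[] pt = oaepDecrypt(kp.getPrivate(), ct);
        System.out.println("OAEP round trip ok: " + Arrays.equals(sessionKey, pt));
    }
}
```

The runtime version check only tells you which provider instance the JVM resolved, so it catches a vulnerable copy the build graph missed (a shaded or bundled jar) but says nothing about other deployments; keep the dependency-graph check as the primary control. The pkcs1v15Decrypt method is included only so the call site pattern is recognisable when grepping; nothing in main calls it.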
How Securie catches it
Securie's Java + crypto scanner flags vulnerable BC versions in auth paths.