DNA View

CVE-2024-30171

Medium

Low Medium High Critical

5.9

CVSS Score

Published: May 14, 2024

Last Modified: Nov 21, 2024

CWE: CWE-203

Vulnerability Description

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Available Security Patches

3 patches available from vendors

View All Patches

Canonical (Ubuntu)

USN-8108-1

USN-8108-1: Bouncy Castle vulnerabilities

Severity

Unknown

Released

Mar 18, 2026

Security Update

View Details Vendor Page

Oracle

CPUJAN2026

Oracle Critical Patch Update Advisory - January 2026

Severity

Critical

Released

Jan 20, 2026

Restart Required

Security Update

View Details Vendor Page

Oracle

CPUJAN2025

Oracle Critical Patch Update Advisory - January 2025

Severity

Critical

Released

Jan 21, 2025

Restart Required

Security Update

View Details Vendor Page

Browse All Security Patches

References & Resources

Severity Details

5.9

out of 10.0

Medium

Weakness Type (CWE)

CWE-203

Observable Discrepancy

Description: The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or…
Typical Severity: Medium
Abstraction Level: Base