CVE

CVE-2024-30171

Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")

CVE

CVE-2024-30171

Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.

Package Versions Affected

org.apache.activemq:activemq-jaas

Available

Unavailable

org.apache.activemq:activemq-jaas

Available

Unavailable

org.apache.activemq:activemq-jaas

Available

Unavailable

org.apache.activemq:activemq-jaas

Available

Unavailable

org.apache.activemq:activemq-jaas

Available

Unavailable

org.apache.sshd:sshd-core

Available

Unavailable

org.apache.activemq:activemq-jaas

Available

Unavailable

org.apache.sshd:sshd-core

Available

Unavailable

org.apache.activemq:activemq-jaas

Available

Unavailable

org.apache.activemq:activemq-jaas

Available

Unavailable

org.apache.activemq:activemq-jaas

Available

Unavailable

org.apache.activemq:activemq-jaas

Available

Unavailable

org.apache.activemq:activemq-jaas

Available

Unavailable

org.apache.zookeeper:zookeeper

Available

Unavailable

org.apache.sshd:sshd-common

Available

Unavailable

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

Related Resources

No items found.

References

Severity

5.9

CVSS Score

Basic Information

Ecosystem

Base CVSS

5.9

EPSS Probability

0.00045%

EPSS Percentile

0.15709%

Introduced Version

1.46

Fix Available

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2024-30171

CVE-2024-30171

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

5.9

Basic Information

Fix Critical Vulnerabilities Instantly