Skip to content

CVE‐2024‐30171

David Hook edited this page May 11, 2024 · 2 revisions

Issue affecting: BC TLS Java 1.0.18 and earlier. BC C# .NET 2.3.0 and earlier.

Fixed versions: BC TLS Java 1.0.19. BC C# .NET 2.3.1

Platform affected: All JVMs. All CLRs.

Possible timing side-channel for RSA key exchange ("The Marvin Attack"). The timing signal appeared to be related to the interaction of the TLS APIs with exception handling in the underlying low-level APIs used for providing cryptographic services.

Use of RSA PKCS#1.5 is now disabled by default in the BC TLS APIs.

Fix Commits:

Java:

C# .NET

Clone this wiki locally