CVE-2024-30171

ADVISORY - github

Summary

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.

EPSS Score⁠: 0.00045 (0.134)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-203⁠

Observable Discrepancy

ADVISORY - github

CWE-203⁠

Observable Discrepancy

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-203⁠

Observable Discrepancy

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-208⁠

Observable Timing Discrepancy

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.