UNKNOWN Maven
Bouncy Castle Has Covert Timing Channel Vulnerability
GHSA-p93r-85wp-75v3 · CVE-2026-5598
Published · Modified
Description
Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java.
This issue only affects users of the FrodoKEM algorithm involved in the decryption of encapsulations.
This issue affects BC-JAVA: from 1.71 to 1.80.1, 1.81, 1.82 to 1.83.
Fixed versions: 1.80.2, 1.81.1, 1.84
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-5598
- WEB https://github.com/bcgit/bc-java/commit/8692e6b2b191fc4aafa32545c7a78bdb9bf110c5
- WEB https://github.com/bcgit/bc-java/commit/94abbd56413dfdac651fd878bc60253871ef5e87
- PACKAGE https://github.com/bcgit/bc-java
- WEB https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905598
- WEB https://github.com/bcgit/bc-java/wiki/CVE-2026-5598
Ready to move
Start Securing
Free, no credit card | First findings in minutes