Bug 2256406 (CVE-2022-45146)
| Summary: | CVE-2022-45146 bouncy-castle: Improper Authentication | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | anstephe, asoldano, avibelli, bbaranow, bgeorges, bmaxwell, boliveir, brian.stansberry, cdewolf, chazlett, chfoley, clement.escoffier, dandread, darran.lofthouse, dkreling, dosoudil, drichtar, fjuma, gsmet, hamadhan, ivassile, iweiss, jmartisk, jscholz, lgao, lthon, max.andersen, mosmerov, msochure, mstefank, msvehla, mulliken, nwallace, olubyans, pdrozd, peholase, pgallagh, pjindal, pmackay, probinso, pskopek, rowaters, rruss, rstancel, rsvoboda, sbiarozk, sdouglas, smaestri, sthorger, swoodman, tom.jenkinson, tqvarnst |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | org.bouncycastle-bc-fips 1.0.2.4 | Doc Type: | --- |
| Doc Text: |
A flaw was found in the FIPS Java API of Bouncy Castle BC-FJA. Affected versions of this package are vulnerable to Improper Authentication. Changes to the JVM garbage collector in Java 13 and later can trigger an issue in the BC-FJA FIPS modules, where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2256407 | ||
|
Description
Avinash Hanwate
2024-01-02 05:22:33 UTC
|