CVE-2007-6721

Description

The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."

Affected products

• bouncycastle / bc-java1.37
• bouncycastle / bc-java1.01 – 1.01
• bouncycastle / bc-java1.02 – 1.02
• bouncycastle / bc-java1.03 – 1.03
• bouncycastle / bc-java1.04 – 1.04
• bouncycastle / bc-java1.05 – 1.05
• bouncycastle / bc-java1.06 – 1.06
• bouncycastle / bc-java1.07 – 1.07
• bouncycastle / bc-java1.08 – 1.08
• bouncycastle / bc-java1.09 – 1.09
• bouncycastle / bc-java1.10 – 1.10
• bouncycastle / bc-java1.11 – 1.11
• bouncycastle / bc-java1.12 – 1.12
• bouncycastle / bc-java1.13 – 1.13
• bouncycastle / bc-java1.14 – 1.14
• bouncycastle / bc-java1.15 – 1.15
• bouncycastle / bc-java1.16 – 1.16
• bouncycastle / bc-java1.17 – 1.17
• bouncycastle / bc-java1.18 – 1.18
• bouncycastle / bc-java1.19 – 1.19
• bouncycastle / bc-java1.20 – 1.20
• bouncycastle / bc-java1.21 – 1.21
• bouncycastle / bc-java1.22 – 1.22
• bouncycastle / bc-java1.23 – 1.23
• bouncycastle / bc-java1.24 – 1.24
• bouncycastle / bc-java1.25 – 1.25
• bouncycastle / bc-java1.26 – 1.26
• bouncycastle / bc-java1.27 – 1.27
• bouncycastle / bc-java1.28 – 1.28
• bouncycastle / bc-java1.29 – 1.29
• bouncycastle / bc-java1.30 – 1.30
• bouncycastle / bc-java1.31 – 1.31
• bouncycastle / bc-java1.32 – 1.32
• bouncycastle / bc-java1.33 – 1.33
• bouncycastle / bc-java1.34 – 1.34
• bouncycastle / bc-java1.35 – 1.35
• bouncycastle / bc-java1.36 – 1.36
• bouncycastle / bouncy-castle-crypto-package1.35
• bouncycastle / bouncy-castle-crypto-package1.0 – 1.0
• bouncycastle / bouncy-castle-crypto-package1.01 – 1.01
• bouncycastle / bouncy-castle-crypto-package1.02 – 1.02
• bouncycastle / bouncy-castle-crypto-package1.03 – 1.03
• bouncycastle / bouncy-castle-crypto-package1.3.1 – 1.3.1
• bouncycastle / bouncy-castle-crypto-package1.04 – 1.04
• bouncycastle / bouncy-castle-crypto-package1.05 – 1.05
• bouncycastle / bouncy-castle-crypto-package1.06 – 1.06
• bouncycastle / bouncy-castle-crypto-package1.07 – 1.07
• bouncycastle / bouncy-castle-crypto-package1.08 – 1.08
• bouncycastle / bouncy-castle-crypto-package1.09 – 1.09
• bouncycastle / bouncy-castle-crypto-package1.11 – 1.11
• bouncycastle / bouncy-castle-crypto-package1.12 – 1.12
• bouncycastle / bouncy-castle-crypto-package1.13 – 1.13
• bouncycastle / bouncy-castle-crypto-package1.14 – 1.14
• bouncycastle / bouncy-castle-crypto-package1.15 – 1.15
• bouncycastle / bouncy-castle-crypto-package1.16 – 1.16
• bouncycastle / bouncy-castle-crypto-package1.17 – 1.17
• bouncycastle / bouncy-castle-crypto-package1.18 – 1.18
• bouncycastle / bouncy-castle-crypto-package1.19 – 1.19
• bouncycastle / bouncy-castle-crypto-package1.20 – 1.20
• bouncycastle / bouncy-castle-crypto-package1.21 – 1.21
• bouncycastle / bouncy-castle-crypto-package1.22 – 1.22
• bouncycastle / bouncy-castle-crypto-package1.23 – 1.23
• bouncycastle / bouncy-castle-crypto-package1.24 – 1.24
• bouncycastle / bouncy-castle-crypto-package1.25 – 1.25
• bouncycastle / bouncy-castle-crypto-package1.26 – 1.26
• bouncycastle / bouncy-castle-crypto-package1.27 – 1.27
• bouncycastle / bouncy-castle-crypto-package1.28 – 1.28
• bouncycastle / bouncy-castle-crypto-package1.29 – 1.29
• bouncycastle / bouncy-castle-crypto-package1.30 – 1.30
• bouncycastle / bouncy-castle-crypto-package1.32 – 1.32
• bouncycastle / bouncy-castle-crypto-package1.33 – 1.33
• bouncycastle / bouncy-castle-crypto-package1.34 – 1.34

References

• MISChttp://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580
• MISChttp://www.osvdb.org/50358
• MISChttp://www.bouncycastle.org/csharp/
• MISChttp://www.osvdb.org/50360
• MISChttp://www.bouncycastle.org/releasenotes.html
• MISChttp://www.osvdb.org/50359
• MISChttp://www.bouncycastle.org/devmailarchive/msg08195.html