An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-11-21T00:00:00
Updated: 2024-08-03T14:09:56.019Z
Reserved: 2022-11-11T00:00:00
Link: CVE-2022-45146
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-11-21T10:15:31.593
Modified: 2024-02-13T19:15:08.393
Link: CVE-2022-45146
Redhat