CVE编号
CVE-2020-28052利用情况
POC 已公开补丁情况
官方补丁披露时间
2020-12-18漏洞描述
A vulnerability classified as critical has been found in Bouncy Castle Legion of the Bouncy Castle 1.65/1.66. Affected is the function OpenBSDBCrypt.checkPassword of the component Utility Method Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability.解决建议
安装官方补丁。
参考链接 |
|
|---|---|
| https://github.com/bcgit/bc-java/wiki/CVE-2020-28052 | |
| https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c2... | |
| https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff9... | |
| https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9... | |
| https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab92... | |
| https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1... | |
| https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab645... | |
| https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef9... | |
| https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bd... | |
| https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f3... | |
| https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c... | |
| https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9... | |
| https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb600... | |
| https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21... | |
| https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb... | |
| https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881... | |
| https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293... | |
| https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb5... | |
| https://www.bouncycastle.org/releasenotes.html | |
| https://www.oracle.com//security-alerts/cpujul2021.html | |
| https://www.oracle.com/security-alerts/cpuApr2021.html | |
| https://www.oracle.com/security-alerts/cpujan2022.html | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | |
| https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/ |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | bouncycastle | legion-of-the-bouncy-castle-java-crytography-api | 1.65 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | bouncycastle | legion-of-the-bouncy-castle-java-crytography-api | 1.66 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_20 | bouncycastle | * |
Up to (excluding) 1.60-1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | unionos_20 | bouncycastle | * |
Up to (excluding) 1.60-1 |
|||||
- 攻击路径 本地
- 攻击复杂度 容易
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 POC 已公开
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 无影响
- 服务器危害 无影响
- 全网数量 N/A
还没有评论,来说两句吧...