5.9

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-30171

CVE-2024-30171: Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-30171

CVE-2024-30171:

5.9

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.bouncycastle:bctls-fips	maven	< 1.0.19	1.0.19
org.bouncycastle:bcprov-jdk18on	maven	< 1.78	1.78
org.bouncycastle:bcprov-jdk15on	maven	< 1.78	1.78
org.bouncycastle:bcprov-jdk15to18	maven	< 1.78	1.78
org.bouncycastle:bcprov-jdk14	maven	< 1.78	1.78
org.bouncycastle:bctls-jdk18on	maven	< 1.78	1.78
org.bouncycastle:bctls-jdk14	maven	< 1.78	1.78
org.bouncycastle:bctls-jdk15to18	maven	< 1.78	1.78
BouncyCastle	nuget	< 2.3.1
BouncyCastle.Cryptography	nuget	< 2.3.1	2.3.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from non-constant-time processing in RSA PKCS#1 v1.5 decryption during TLS handshakes. The commit diffs show critical changes to: 1) TlsRsaKeyExchange.DecryptPreMasterSecret where input validation and constant-time masking were added, 2) JceDefaultTlsCredentialedDecryptor where version checking was made constant-time, and 3) Replacement of PKCS1Encoding's padding check with a constant-time implementation. These functions previously leaked timing information through early-exit conditions and observable processing differences between valid/invalid padding cases.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.9

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-30171: Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")

CVE-2024-30171:

5.9

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

5.9

5.9

Basic Information

Basic Information

Technical Details

CVE-2024-30171: Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI