From 3f2de86f4ef150374715e71bc2a93b98c26795b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Bresson?= Date: Fri, 22 May 2026 19:14:39 +0200 Subject: [PATCH] Improve GHSA-p93r-85wp-75v3 --- .../2026/04/GHSA-p93r-85wp-75v3/GHSA-p93r-85wp-75v3.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/advisories/github-reviewed/2026/04/GHSA-p93r-85wp-75v3/GHSA-p93r-85wp-75v3.json b/advisories/github-reviewed/2026/04/GHSA-p93r-85wp-75v3/GHSA-p93r-85wp-75v3.json index 7a13240d6cbe2..4f93e85ec266c 100644 --- a/advisories/github-reviewed/2026/04/GHSA-p93r-85wp-75v3/GHSA-p93r-85wp-75v3.json +++ b/advisories/github-reviewed/2026/04/GHSA-p93r-85wp-75v3/GHSA-p93r-85wp-75v3.json @@ -1,17 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-p93r-85wp-75v3", - "modified": "2026-04-25T23:25:24Z", + "modified": "2026-04-25T23:25:25Z", "published": "2026-04-17T18:31:50Z", "aliases": [ "CVE-2026-5598" ], "summary": "Bouncy Castle Has Covert Timing Channel Vulnerability", - "details": "Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.84.", + "details": "Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. \nThis issue only affects users of the FrodoKEM algorithm involved in the decryption of encapsulations.\nThis issue affects BC-JAVA: from 1.71 to 1.80.1, 1.81, 1.82 to 1.83.\n\nFixed versions: 1.80.2, 1.81.1, 1.84", "severity": [ { "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/S:P/AU:Y/U:Red" + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N" } ], "affected": [ @@ -99,7 +99,7 @@ "cwe_ids": [ "CWE-385" ], - "severity": "HIGH", + "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2026-04-25T23:25:24Z", "nvd_published_at": "2026-04-15T10:16:49Z"