Home > Vulnerability Database > CVE-2022-45146

Mend.io Vulnerability Database

CVE-2022-45146

Date: November 21, 2022

An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11.

Language: Java

Severity Score

5.5

Related Resources (5)

Url: https://mvnrepository.com/artifact/org.bouncycastle/bc-fips

Url: https://github.com/bcgit/bc-java/wiki/CVE-2022-45146

Url: https://www.bouncycastle.org/latest_releases.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-45146

Url: https://www.mend.io/vulnerability-database/CVE-2022-45146

Severity Score

5.5

Weakness Type (CWE)

Use After Free

CWE-416

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-45146

Date: November 21, 2022

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?