USN-8108-1
- Source
- https://ubuntu.com/security/notices/USN-8108-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8108-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-8108-1
- Upstream
- Related
- Published
- 2026-03-18T17:51:59Z
- Modified
- 2026-03-19T08:44:14.528712Z
- Summary
- bouncycastle vulnerabilities
- Details
-
It was discovered that Bouncy Castle did not sanitize user input when inserting it into an LDAP search filter. An attacker could possibly use this issue to perform an LDAP injection attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2023-33201)
It was discovered that Bouncy Castle incorrectly handled specially crafted F2m parameters in the ECCurve algorithm. An attacker could possibly use this issue to cause Bouncy Castle to use excessive resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-29857)
It was discovered that Bouncy Castle leaked timing information when handling exceptions during an RSA handshake. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-30171)
It was discovered that Bouncy Castle incorrectly handled endpoint identification with an SSL socket enabled without an explicit hostname. An attacker could possibly use this issue to perform a DNS poisoning attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-34447)
Bing Shi discovered that Bouncy Castle incorrectly handled resource memory allocation. An attacker could possibly use this issue to cause Bouncy Castle to use excessive resources, leading to a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2025-8916)
- References
-
- https://ubuntu.com/security/notices/USN-8108-1
- https://ubuntu.com/security/CVE-2023-33201
- https://ubuntu.com/security/CVE-2024-29857
- https://ubuntu.com/security/CVE-2024-30171
- https://ubuntu.com/security/CVE-2024-30172
- https://ubuntu.com/security/CVE-2024-34447
- https://ubuntu.com/security/CVE-2025-8916
Affected packages
Ubuntu:Pro:16.04:LTS / bouncycastle
Package
- Name
- bouncycastle
- Purl
- pkg:deb/ubuntu/bouncycastle@1.51-4ubuntu1+esm1?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.51-4ubuntu1+esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "1.51-4ubuntu1+esm1",
"binary_name": "libbcmail-java"
},
{
"binary_version": "1.51-4ubuntu1+esm1",
"binary_name": "libbcpg-java"
},
{
"binary_version": "1.51-4ubuntu1+esm1",
"binary_name": "libbcpkix-java"
},
{
"binary_version": "1.51-4ubuntu1+esm1",
"binary_name": "libbcprov-java"
}
]
}
Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2023-33201"
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8108-1.json"
Ubuntu:Pro:18.04:LTS / bouncycastle
Package
- Name
- bouncycastle
- Purl
- pkg:deb/ubuntu/bouncycastle@1.59-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.59-1ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "1.59-1ubuntu0.1~esm1",
"binary_name": "libbcmail-java"
},
{
"binary_version": "1.59-1ubuntu0.1~esm1",
"binary_name": "libbcpg-java"
},
{
"binary_version": "1.59-1ubuntu0.1~esm1",
"binary_name": "libbcpkix-java"
},
{
"binary_version": "1.59-1ubuntu0.1~esm1",
"binary_name": "libbcprov-java"
}
]
}
Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2023-33201"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2024-29857"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2024-30171"
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8108-1.json"
Ubuntu:Pro:20.04:LTS / bouncycastle
Package
- Name
- bouncycastle
- Purl
- pkg:deb/ubuntu/bouncycastle@1.61-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.61-1ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "1.61-1ubuntu0.1~esm1",
"binary_name": "libbcmail-java"
},
{
"binary_version": "1.61-1ubuntu0.1~esm1",
"binary_name": "libbcpg-java"
},
{
"binary_version": "1.61-1ubuntu0.1~esm1",
"binary_name": "libbcpkix-java"
},
{
"binary_version": "1.61-1ubuntu0.1~esm1",
"binary_name": "libbcprov-java"
}
]
}
Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2023-33201"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2024-29857"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2024-30171"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2024-34447"
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8108-1.json"
Ubuntu:Pro:22.04:LTS / bouncycastle
Package
- Name
- bouncycastle
- Purl
- pkg:deb/ubuntu/bouncycastle@1.68-5ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.68-5ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "1.68-5ubuntu0.1~esm1",
"binary_name": "libbcmail-java"
},
{
"binary_version": "1.68-5ubuntu0.1~esm1",
"binary_name": "libbcpg-java"
},
{
"binary_version": "1.68-5ubuntu0.1~esm1",
"binary_name": "libbcpkix-java"
},
{
"binary_version": "1.68-5ubuntu0.1~esm1",
"binary_name": "libbcprov-java"
},
{
"binary_version": "1.68-5ubuntu0.1~esm1",
"binary_name": "libbctls-java"
}
]
}
Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2023-33201"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2024-29857"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2024-30171"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2024-34447"
}
],
"ecosystem": "Ubuntu:Pro:22.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8108-1.json"
Ubuntu:Pro:24.04:LTS / bouncycastle
Package
- Name
- bouncycastle
- Purl
- pkg:deb/ubuntu/bouncycastle@1.77-1ubuntu0.1~esm1?arch=source&distro=esm-apps/noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.77-1ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "1.77-1ubuntu0.1~esm1",
"binary_name": "libbcjmail-java"
},
{
"binary_version": "1.77-1ubuntu0.1~esm1",
"binary_name": "libbcmail-java"
},
{
"binary_version": "1.77-1ubuntu0.1~esm1",
"binary_name": "libbcpg-java"
},
{
"binary_version": "1.77-1ubuntu0.1~esm1",
"binary_name": "libbcpkix-java"
},
{
"binary_version": "1.77-1ubuntu0.1~esm1",
"binary_name": "libbcprov-java"
},
{
"binary_version": "1.77-1ubuntu0.1~esm1",
"binary_name": "libbctls-java"
},
{
"binary_version": "1.77-1ubuntu0.1~esm1",
"binary_name": "libbcutil-java"
}
]
}
Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2024-29857"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2024-30171"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2024-30172"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2024-34447"
},
{
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-8916"
}
],
"ecosystem": "Ubuntu:Pro:24.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8108-1.json"