CVE-2024-30171: 
Java vulnerability analysis and mitigation

A vulnerability was discovered in Bouncy Castle Java TLS API and JSSE Provider versions before 1.78, identified as CVE-2024-30171. The vulnerability relates to timing-based leakage that may occur in RSA-based handshakes due to exception processing. The issue was discovered and disclosed in May 2024, affecting all Java Virtual Machines (JVMs) and Common Language Runtimes (CLRs) (BC-Java Wiki).

The vulnerability is classified as a timing side-channel vulnerability, specifically related to RSA key exchange (known as 'The Marvin Attack'). The timing signal was linked to the interaction between TLS APIs and exception handling in the underlying low-level APIs used for cryptographic services. The vulnerability has been assigned a CVSS v3.1 base score of 5.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N (NetApp Advisory).

Successful exploitation of this vulnerability could lead to the disclosure of sensitive information through timing-based leakage during RSA-based handshakes (NetApp Advisory).

The vulnerability has been fixed in Bouncy Castle version 1.78. The fix includes disabling RSA PKCS#1.5 by default in the BC TLS APIs. The fixes were implemented through multiple commits: for Java in commits d7d5e735abd64bf0f413f54fd9e495fc02400fb0 and e0569dcb1dea9d421d84fc4c5c5688fe101afa2d, and for C# .NET in commit c984b8bfd8544dfc55dba91a02cbbbb9c580c217 (BC-Java Wiki).