# CVE-2026-5598 Vulnerability Summary

## Overview

- **Title**: Non-constant time comparisons risk private key leakage in FrodoKEM.
- **Description**: In the `tverify()` function of FrodoKEM, a comparison is not performed in constant time, which may lead to private key leakage. An attacker who can observe timing differences during the decryption process may use them to recover the private key.

## Impact Scope

- **Affected Versions**: BC 1.71 to BC 1.83
- **Platform**: Java 4 and later

## Remediation

- **Fixed Version**: BC 1.84
- **Fix Details**:
  - The fix consists of two commits:
    - [commit 94abb656413dfdac651fd878bc60253871ef5e87](https://github.com/bcgit/bc-java/commit/94abb656413dfdac651fd878bc60253871ef5e87)
    - [commit 8692e6b2b191f64aafa32545c7a78bdb90f110c5](https://github.com/bcgit/bc-java/commit/8692e6b2b191f64aafa32545c7a78bdb90f110c5)
  - These commits move the `sample()` function and refactor the `tverify()` function.

## Related Discussion

- Section 10.3.1 of the [latest standard proposal](https://github.com/bcgit/bc-java/blob/master/core/src/main/java/org/bouncycastle/pqc/crypto/frodokem/FrodoKEM.java#L103.1) mentions timing attack issues related to FrodoKEM.
- This issue concerns Bouncy Castle and has been reported to us.
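The following is an added illustration, not code from Bouncy Castle or from the commits above. It contrasts the general pattern behind this class of bug (an early-exit byte comparison, whose running time depends on the position of the first mismatching byte) with a constant-time comparison that always visits every byte and folds all differences into one accumulator. The `TimingSafeCompare` class, its method names and the sample byte strings are constructed for this example; the instrumented `bytesVisitedByEarlyExit` helper exists only to make the data-dependent work visible without relying on noisy wall-clock measurements.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

/**
 * Added example (not Bouncy Castle code): early-exit versus constant-time
 * comparison of secret-dependent byte arrays, such as the value checked in a
 * KEM decapsulation step.
 */
public final class TimingSafeCompare {

    /** Vulnerable pattern: returns as soon as the first mismatching byte is found. */
    public static boolean earlyExitEquals(byte[] a, byte[] b) {
        if (a.length != b.length) {
            return false;
        }
        for (int i = 0; i < a.length; i++) {
            if (a[i] != b[i]) {
                return false; // running time now depends on where the secret first differs
            }
        }
        return true;
    }

    /**
     * Instrumented copy of the early-exit loop that reports how many bytes were
     * inspected before returning; this is the quantity a timing observer learns.
     */
    public static int bytesVisitedByEarlyExit(byte[] a, byte[] b) {
        int visited = 0;
        for (int i = 0; i < Math.min(a.length, b.length); i++) {
            visited++;
            if (a[i] != b[i]) {
                break;
            }
        }
        return visited;
    }

    /** Hardened pattern: visits every byte and ORs all differences into one word. */
    public static boolean constantTimeEquals(byte[] a, byte[] b) {
        // Lengths are public here (both sides know the expected size), so a
        // length mismatch may return early without leaking anything secret.
        if (a.length != b.length) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            diff |= a[i] ^ b[i]; // no branch on secret data inside the loop
        }
        return diff == 0;
    }

    public static void main(String[] args) {
        // Constructed sample values; in a real KEM these would be the expected
        // and recomputed secret-derived byte strings.
        byte[] expected = "constructed-secret-value".getBytes(StandardCharsets.US_ASCII);
        byte[] mismatchEarly = expected.clone();
        mismatchEarly[0] ^= 1;                    // differs in the first byte
        byte[] mismatchLate = expected.clone();
        mismatchLate[expected.length - 1] ^= 1;   // differs in the last byte

        // The early-exit loop does very different amounts of work for the two
        // wrong inputs; that difference is what a timing side channel exposes.
        System.out.println("early-exit work, first-byte mismatch: "
                + bytesVisitedByEarlyExit(expected, mismatchEarly));
        System.out.println("early-exit work, last-byte mismatch:  "
                + bytesVisitedByEarlyExit(expected, mismatchLate));

        // Both comparisons agree on the result; only the hardened one does so
        // with work independent of the mismatch position.
        System.out.println("earlyExitEquals(late mismatch):    " + earlyExitEquals(expected, mismatchLate));
        System.out.println("constantTimeEquals(late mismatch): " + constantTimeEquals(expected, mismatchLate));
        System.out.println("constantTimeEquals(match):         " + constantTimeEquals(expected, expected.clone()));

        // The JDK also ships a constant-time comparison for this purpose.
        System.out.println("MessageDigest.isEqual(match):      " + MessageDigest.isEqual(expected, expected.clone()));
    }
}
```

In a Bouncy Castle code base the same property is available from `org.bouncycastle.util.Arrays.constantTimeAreEqual`, and on the JDK from `java.security.MessageDigest.isEqual`; the point of the hand-written version above is only to show why the loop must not branch on secret bytes. When reviewing KEM or MAC verification code for this issue, look for any `return`, `break` or `==`-based branch inside a loop over secret-derived data, and for library calls such as `java.util.Arrays.equals` that short-circuit on the first difference.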