The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Bouncy Castle Java Cryptography Extension

computer vulnerability alert CVE-2018-1000613

Bouncy Castle Java Cryptography Extension: vulnerability via XMSS Private Keys Deserialization

Synthesis of the vulnerability

A vulnerability via XMSS Private Keys Deserialization of Bouncy Castle Java Cryptography Extension was announced.
Impacted products: Bouncy Castle JCE, Fedora, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Tuxedo, WebLogic.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Creation date: 02/07/2018.
Identifiers: cpuapr2019, cpujan2019, CVE-2018-1000613, FEDORA-2018-e6894349c9, openSUSE-SU-2018:2131-1, openSUSE-SU-2018:2180-1, VIGILANCE-VUL-26596.

Description of the vulnerability

A vulnerability via XMSS Private Keys Deserialization of Bouncy Castle Java Cryptography Extension was announced.

vulnerability bulletin CVE-2018-1000180

Bouncy Castle: vulnerability via RSA Digital Signature Prime Generation

Synthesis of the vulnerability

A vulnerability via RSA Digital Signature Prime Generation of Bouncy Castle was announced.
Impacted products: Bouncy Castle JCE, Debian, Fedora, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Tuxedo, WebLogic, JBoss EAP by Red Hat.
Severity: 1/4.
Consequences: data reading.
Provenance: document.
Creation date: 06/06/2018.
Identifiers: cpuapr2019, cpujan2019, CVE-2018-1000180, DSA-4233-1, FEDORA-2018-ceced55c5e, FEDORA-2018-da9fe79871, openSUSE-SU-2018:2820-1, RHSA-2018:2423-01, RHSA-2018:2424-01, RHSA-2018:2425-01, RHSA-2018:2669-01, VIGILANCE-VUL-26323.

Description of the vulnerability

A vulnerability via RSA Digital Signature Prime Generation of Bouncy Castle was announced.

computer vulnerability announce CVE-2018-5382

Bouncy Castle: information disclosure via BKS-V1

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via BKS-V1 of Bouncy Castle, in order to obtain sensitive information.
Impacted products: Bouncy Castle JCE.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 19/03/2018.
Identifiers: CVE-2018-5382, VIGILANCE-VUL-25597, VU#306792.

Description of the vulnerability

An attacker can bypass access restrictions to data via BKS-V1 of Bouncy Castle, in order to obtain sensitive information.

vulnerability CVE-2017-13098

Bouncy Castle: information disclosure via ROBOT Attack

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ROBOT Attack (VIGILANCE-VUL-24749) of Bouncy Castle, in order to obtain sensitive information.
Impacted products: Bouncy Castle JCE, Debian, Fedora, openSUSE Leap, Solaris.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 13/12/2017.
Identifiers: bulletinjan2019, CVE-2017-13098, DSA-4072-1, FEDORA-2018-ceced55c5e, FEDORA-2018-da9fe79871, openSUSE-SU-2018:1689-1, openSUSE-SU-2018:2131-1, VIGILANCE-VUL-24750.

Description of the vulnerability

An attacker can bypass access restrictions to data via ROBOT Attack (VIGILANCE-VUL-24749) of Bouncy Castle, in order to obtain sensitive information.

computer vulnerability note 24749

TLS: information disclosure via ROBOT Attack

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ROBOT Attack of TLS, in order to obtain sensitive information.
Impacted products: Bouncy Castle JCE, Cisco ACE, BIG-IP Hardware, TMOS, Mule ESB, Java OpenJDK, Java Oracle, Palo Alto Firewall PA***, PAN-OS, RabbitMQ, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 13/12/2017.
Identifiers: CERTFR-2017-ALE-020, cisco-sa-20171212-bleichenbacher, CSCvg74693, CTX230238, K21905460, PAN-SA-2017-0032, ROBOT Attack, VIGILANCE-VUL-24749, VU#144389.

Description of the vulnerability

An attacker can bypass access restrictions to data via ROBOT Attack of TLS, in order to obtain sensitive information.

vulnerability bulletin CVE-2015-6644

Bouncy Castle: information disclosure via GCM

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via GCM of Bouncy Castle, in order to obtain sensitive information.
Impacted products: Bouncy Castle JCE, Debian, Fedora, Android OS, JBoss EAP by Red Hat, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 11/04/2017.
Identifiers: CVE-2015-6644, DLA-893-1, DSA-3829-1, FEDORA-2017-4c3ac44551, RHSA-2017:1832-01, RHSA-2017:2808-01, RHSA-2017:2809-01, RHSA-2017:2810-01, RHSA-2017:2811-01, USN-3727-1, VIGILANCE-VUL-22393.

Description of the vulnerability

An attacker can bypass access restrictions to data via GCM of Bouncy Castle, in order to obtain sensitive information.

computer vulnerability CVE-2016-1000338 CVE-2016-1000339 CVE-2016-1000340

Bouncy Castle: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Bouncy Castle.
Impacted products: Bouncy Castle JCE, Debian, openSUSE Leap, Ubuntu.
Severity: 3/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 8.
Creation date: 22/12/2016.
Identifiers: CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340, CVE-2016-1000341, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345, CVE-2016-1000346, CVE-2016-1000352, DLA-1418-1, openSUSE-SU-2018:1689-1, RHSA-2018:2669-01, USN-3727-1, VIGILANCE-VUL-21455.

Description of the vulnerability

Several vulnerabilities were announced in Bouncy Castle.

An attacker can tamper with DSA/ECDSA signed data without the signature check failing. [severity:3/4; CVE-2016-1000338, CVE-2016-1000342]

A local attacker can measure the AES implementation speed, in order to get information about the secret key. [severity:1/4; CVE-2016-1000339]

The ECDH implementation of arithmetic for large integers includes carry propagation bugs. [severity:1/4; CVE-2016-1000340]

An attacker can time a DSA signature in order to get information about the private key. [severity:1/4; CVE-2016-1000341]

The default size of DSA keys is too small. [severity:1/4; CVE-2016-1000343]

The ECIES and DHIES algorithms accept ECB mode. [severity:1/4; CVE-2016-1000344, CVE-2016-1000352]

An attacker can time the decryption of blindly modified ciphertext, in order to get information about the corresponding plaintext. [severity:1/4; CVE-2016-1000345]

An attacker can make use of invalid DH public keys, in order to get information about the related private keys. [severity:1/4; CVE-2016-1000346]

vulnerability bulletin 21223

Bouncy Castle JCE: incorrect computation of NatX.square

Synthesis of the vulnerability

An attacker can use a computation error in NatX.square() in the ECDH implementation of Bouncy Castle JCE, in order to obtain a static key.
Impacted products: Bouncy Castle JCE.
Severity: 1/4.
Consequences: data reading.
Provenance: document.
Creation date: 29/11/2016.
Identifiers: VIGILANCE-VUL-21223.

Description of the vulnerability

The Bouncy Castle JCE product offers methods to square numbers: Nat192.square(), Nat256.square(), SecP384R1Field.square(), etc. These functions are used only in elliptic curve computations.

However, a computation error occurs in 1 in 2^48 cases, and it goes undetected in 1 in 2^100 cases. When static (not ephemeral) keys are used with ECDH, an attacker can thus progressively compute the key.

An attacker can therefore use a computation error in NatX.square() in the ECDH implementation of Bouncy Castle JCE, in order to obtain a static key.

computer vulnerability CVE-2015-7575

Bouncy Castle: MD5 allowed in TLS 1.2

Synthesis of the vulnerability

An attacker can create a collision with a weak algorithm such as MD5 in a TLS 1.2 session of Bouncy Castle, in order to capture data belonging to this session.
Impacted products: Bouncy Castle JCE, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***.
Severity: 1/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 30/12/2015.
Identifiers: CVE-2015-7575, openSUSE-SU-2016:0605-1, SLOTH, SUSE-SU-2016:0256-1, VIGILANCE-VUL-18615.

Description of the vulnerability

The Bouncy Castle library implements TLS version 1.2.

However, Bouncy Castle does not check whether the algorithm used in the DigitallySigned structure is among the accepted algorithms indicated in the signature_algorithms extension or the CertificateRequest message.

This vulnerability has the same origin as VIGILANCE-VUL-18586.

An attacker can therefore create a collision with a weak algorithm such as MD5 in a TLS 1.2 session of Bouncy Castle, in order to capture data belonging to this session.

computer vulnerability bulletin CVE-2015-2613 CVE-2015-7940

Bouncy Castle, Oracle Java: disclosure of elliptic curve private keys

Synthesis of the vulnerability

An attacker can use a vulnerability in the elliptic curve implementation of Bouncy Castle and Oracle Java, in order to obtain sensitive information.
Impacted products: Bouncy Castle JCE, DCFM Enterprise, FabricOS, Brocade Network Advisor, Brocade vTM, Debian, Fedora, IRAD, WebSphere MQ, Mule ESB, SnapManager, Java OpenJDK, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Oracle iPlanet Web Server, Java Oracle, JavaFX, Oracle OIT, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, Ubuntu.
Severity: 3/4.
Consequences: data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/10/2015.
Identifiers: 1968485, 1972455, 9010041, 9010044, BSA-2016-002, cpuapr2018, cpujan2017, cpujan2018, cpujan2019, cpujul2015, cpujul2017, cpujul2018, cpuoct2017, CVE-2015-2613, CVE-2015-7940, DSA-3417-1, FEDORA-2015-7d95466eda, NTAP-20150715-0001, NTAP-20151028-0001, openSUSE-SU-2015:1911-1, RHSA-2016:2035-01, RHSA-2016:2036-01, USN-3727-1, VIGILANCE-VUL-18168.

Description of the vulnerability

The Bouncy Castle and Oracle Java products implement algorithms based on elliptic curves.

However, if the client forces the server to compute a shared secret from points that do not lie on the chosen curve, the client can progressively recover the full server key.

An attacker can therefore use a vulnerability in the elliptic curve implementation of Bouncy Castle and Oracle Java, in order to obtain sensitive information.