exploitDog

GHSA-4mv7-cq75-3qjm

Published: 17 Oct 2018
Source: github
Github: Reviewed

Description

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15

The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."

Packages

Name: org.bouncycastle:bcprov-jdk15 (maven)
Affected versions: < 1.51
Fixed version: 1.51

Name: org.bouncycastle:bcprov-jdk14 (maven)
Affected versions: < 1.51
Fixed version: 1.51

Name: org.bouncycastle:bcprov-jdk15on (maven)
Affected versions: < 1.51
Fixed version: 1.51

EPSS

Percentile: 77%
0.01019
Low

Weaknesses

CWE-200

Related vulnerabilities

ubuntu
about 10 years ago

The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."

CVSS3: 3.7
redhat
more than 10 years ago

The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."

nvd
about 10 years ago

The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."

debian
about 10 years ago

The Bouncy Castle Java library before 1.51 does not validate a point i ...

suse-cvrf
more than 10 years ago

Security update for bouncycastle
