Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-1000341

Опубликовано: 07 июн. 2018
Источник: redhat
CVSS3: 5.1
EPSS Низкий

Описание

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.

Отчет

This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
JBoss Developer Studio 11bouncycastleNot affected
Red Hat JBoss Data Grid 7bouncycastleNot affected
Red Hat JBoss Data Virtualization 6bouncycastleOut of support scope
Red Hat JBoss Enterprise Application Platform 7bouncycastleNot affected
Red Hat JBoss Fuse 6bouncycastleWill not fix
Red Hat JBoss Fuse Integration Service 2bouncycastleNot affected
Red Hat OpenShift Application RuntimesbouncycastleNot affected
Red Hat Single Sign-On 7bouncycastleNot affected
Red Hat Software Collectionsrh-eclipse46-bouncycastleWill not fix
Red Hat Subscription Asset ManagerbouncycastleWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-385
https://bugzilla.redhat.com/show_bug.cgi?id=1588708bouncycastle: Information exposure in DSA signature generation via timing attack

EPSS

Процентиль: 74%
0.00797
Низкий

5.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2016-1000341

CVSS3: 5.9
ubuntu
больше 7 лет назад

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.

nvd логотип

CVE-2016-1000341

CVSS3: 5.9
nvd
больше 7 лет назад

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.

debian логотип

CVE-2016-1000341

CVSS3: 5.9
debian
больше 7 лет назад

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signatu ...

github логотип

GHSA-r9ch-m4fh-fc7q

CVSS3: 5.9
github
больше 7 лет назад

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15

suse-cvrf логотип

openSUSE-SU-2018:1689-1

suse-cvrf
больше 7 лет назад

Security update for bouncycastle

EPSS

Процентиль: 74%
0.00797
Низкий

5.1 Medium

CVSS3