CVE-2015-7940

Опубликовано: 09 нояб. 2015

Источник: ubuntu

Приоритет: low

CVSS2: 5

Описание

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."

Релиз	Статус	Примечание
artful	not-affected	1.57-1
bionic	not-affected	1.59-1
devel	not-affected	1.60-1
esm-apps/bionic	not-affected	1.59-1
esm-apps/xenial	not-affected	1.51-4ubuntu1
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was released [1.49+dfsg-2ubuntu0.1]]
precise	ignored	end of life
precise/esm	DNE	precise was needed
trusty	released	1.49+dfsg-2ubuntu0.1
trusty/esm	DNE	trusty was released [1.49+dfsg-2ubuntu0.1]

Показывать по

Ссылки на источники

5 Medium

CVSS2

Связанные уязвимости

CVE-2015-7940

CVSS3: 3.7

redhat

больше 10 лет назад

CVE-2015-7940

nvd

около 10 лет назад

CVE-2015-7940

debian

около 10 лет назад

The Bouncy Castle Java library before 1.51 does not validate a point i ...

openSUSE-SU-2015:1911-1

suse-cvrf

больше 10 лет назад

Security update for bouncycastle

GHSA-4mv7-cq75-3qjm

github

больше 7 лет назад

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15

5 Medium

CVSS2

CVE-2015-7940

Описание

Пакет bouncycastle

Ссылки на источники

Связанные уязвимости