GitHub Advisory DatabaseGHSA-FJQM-246C-MWQGIn Bouncy Castle JCE Provider the other party DH public key is not fully validated
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
0.003 Low
EPSS
Percentile
71.0%
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party’s private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.bouncycastle:bcprov-jdk15 | lt | 1.56 | |
| org.bouncycastle:bcprov-jdk14 | lt | 1.56 |
References
access.redhat.com/errata/RHSA-2018:2669
access.redhat.com/errata/RHSA-2018:2927
github.com/advisories/GHSA-fjqm-246c-mwqg
github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495#diff-d525a20b8acaed791ae2f0f770eb5937
lists.debian.org/debian-lts-announce/2018/07/msg00009.html
nvd.nist.gov/vuln/detail/CVE-2016-1000346
security.netapp.com/advisory/ntap-20181127-0004/
usn.ubuntu.com/3727-1/
www.oracle.com/security-alerts/cpuoct2020.html
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
0.003 Low
EPSS
Percentile
71.0%