CVE-2015-7940
published 2015-11-09CVE-2015-7940: The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain…
medium5CVSS 3.1
AVNACLAuNCPINAN
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bouncycastle | bouncy_castle_crypto_package | <= 1.50 | — |
| debian | bouncycastle | < bouncycastle 1.51-1 (bookworm) | bouncycastle 1.51-1 (bookworm) |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| oracle | application_testing_suite | — | — |
| oracle | application_testing_suite | — | — |
| oracle | application_testing_suite | — | — |
| oracle | enterprise_manager_ops_center | — | — |
| oracle | enterprise_manager_ops_center | — | — |
| oracle | peoplesoft_enterprise_peopletools | — | — |
| oracle | peoplesoft_enterprise_peopletools | — | — |
| oracle | virtual_desktop_infrastructure | — | — |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM