Severity
7.5HIGH
EPSS
0.4%
top 39.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 4
Latest updateOct 17
Description
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by …
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages5 packages
Patches
🔴Vulnerability Details
4📋Vendor Advisories
2💬Community
3Bugzilla
▶
Bugzilla▶
CVE-2016-1000340 bouncycastle: Carry propagation bug in math.raw.Nat??? class [fedora-all]↗2018-06-07