CVE-2017-13098

CWE-203 CWE-30010 documents7 sources

Severity

5.9MEDIUM

EPSS

66.2%

top 1.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bouncycastle Bc-java Legion OF THE Bouncy Castle Bouncycastle TLS

Timeline

PublishedDec 13

Latest updateMay 13

Description

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDbouncycastle/bc-java< 1.59

▶Mavenorg.bouncycastle:bcprov-jdk15on< 1.0.3

▶Debianbouncycastle< 1.58-1+3

▶CVEListV5legion_of_the_bouncy_castle/bouncycastle_tls<1.0.3

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Observable Discrepancy in BouncyCastle↗2022-05-13

▶

OSV

Observable Discrepancy in BouncyCastle↗2022-05-13

▶

OSV

CVE-2017-13098: BouncyCastle TLS prior to version 1↗2017-12-13

▶

CVEList

BouncyCastle JCE TLS Bleichenbacher/ROBOT↗2017-12-13

▶

📋Vendor Advisories

Red Hat

bouncycastle: TLS server vulnerable to Adaptive Chosen Ciphertext attack when using JCE allowing plaintext recovery or MITM attack↗2017-12-12

▶

Debian

CVE-2017-13098: bouncycastle - BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cr...↗2017

▶

💬Community

Bugzilla

CVE-2017-13098 bouncycastle: TLS server vulnerable to Adaptive Chosen Ciphertext attack when using JCE allowing plaintext recovery or MITM attack↗2017-12-13

▶

Bugzilla

CVE-2017-13098 bouncycastle: TLS server vulnerable to Adaptive Chosen Ciphertext attack when using JCE allowing plaintext recovery or MITM attack [fedora-all]↗2017-12-13

▶

Bugzilla

CVE-2017-14919 nodejs: DoS via specific windowBits value↗2017-11-22

▶