CVE-2018-1000180: Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key…

high7.5CVSS 3.0

AVNACLPRNUINSUCHINAN

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.

Affected

29 ranges· showing 25

Vendor	Product	Version range	Fixed in
bouncycastle	bc-java	1.54 – 1.59	—
bouncycastle	fips_java_api	<= 1.0.1	—
debian	bouncycastle	< bouncycastle 1.59-2 (bookworm)	bouncycastle 1.59-2 (bookworm)
debian	debian_linux	—	—
oracle	api_gateway	—	—
oracle	business_process_management_suite	—	—
oracle	business_process_management_suite	—	—
oracle	business_process_management_suite	—	—
oracle	business_transaction_management	—	—
oracle	communications_application_session_controller	—	—
oracle	communications_application_session_controller	—	—
oracle	communications_converged_application_server	< 7.0.0.1	7.0.0.1
oracle	communications_webrtc_session_controller	< 7.2	7.2
oracle	enterprise_repository	—	—
oracle	managed_file_transfer	—	—
oracle	managed_file_transfer	—	—
oracle	peoplesoft_enterprise_peopletools	—	—
oracle	peoplesoft_enterprise_peopletools	—	—
oracle	peoplesoft_enterprise_peopletools	—	—
oracle	retail_convenience_and_fuel_pos_software	—	—
oracle	retail_xstore_point_of_service	—	—
oracle	retail_xstore_point_of_service	—	—
oracle	soa_suite	—	—
oracle	soa_suite	—	—
oracle	webcenter_portal	—	—

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

osv7.5HIGH