CVE-2018-1000613

CWE-470 CWE-502 — Deserialization of Untrusted Data10 documents7 sources

Severity

9.8CRITICAL

EPSS

5.0%

top 10.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bouncycastle Bc-java Oracle Communications Converged Application Server Oracle Communications Webrtc Session Controller +20 more

Timeline

PublishedJul 9

Latest updateOct 17

Description

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages25 packages

▶NVDbouncycastle/bc-java1.58 — 1.60

▶Mavenorg.bouncycastle:bcprov-jdk15on1.57 — 1.60

▶Debianbouncycastle< 1.60-1+3

▶NVDoracle/communications_converged_application_server< 7.0.0.1+1

▶NVDoracle/communications_application_session_controller3.7.1, 3.8.0+1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

Deserialization of Untrusted Data in Bouncy castle↗2018-10-17

▶

GHSA

Deserialization of Untrusted Data in Bouncy castle↗2018-10-17

▶

OSV

CVE-2018-1000613: Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1↗2018-07-09

▶

CVEList

CVE-2018-1000613: Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1↗2018-07-09

▶

📋Vendor Advisories

Red Hat

bouncycastle: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information↗2018-03-03

▶

Debian

CVE-2018-1000613: bouncycastle - Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1...↗2018

▶

💬Community

Bugzilla

CVE-2018-1000613 bouncycastle: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information [epel-all]↗2018-07-13

▶

Bugzilla

CVE-2018-1000613 bouncycastle: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information↗2018-07-13

▶

Bugzilla

CVE-2018-1000613 bouncycastle: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information [fedora-all]↗2018-07-13

▶