Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-1000346

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.

Published

2018-06-04T21:29:00.303

Last Modified

2025-05-12T17:37:16.527

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 3.7 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-320

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	bouncycastle	bc-java	≤ 1.55	Yes
Operating System	debian	debian_linux	8.0	Yes

References

https://access.redhat.com/errata/RHSA-2018:2669 ([email protected])
https://access.redhat.com/errata/RHSA-2018:2927 ([email protected])
https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495#diff-d525a20b8acaed791ae2f0f770eb5937 Patch, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20181127-0004/ ([email protected])
https://usn.ubuntu.com/3727-1/ ([email protected])
https://www.oracle.com/security-alerts/cpuoct2020.html ([email protected])
https://access.redhat.com/errata/RHSA-2018:2669 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:2927 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495#diff-d525a20b8acaed791ae2f0f770eb5937 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20181127-0004/ (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3727-1/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2020.html (af854a3a-2127-422b-91ae-364da2661108)