Lucene search

CVE-2018-1000180

🗓️ 05 Jun 2018 13:00:29Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 165 Views

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later

Reporter	Title	Published	Views	Family All 63
Veracode	Weak Computation Of Iterations For MR Primality Test	6 Jun 201807:03	–	veracode
Prion	Code injection	5 Jun 201813:29	–	prion
Debian	[SECURITY] [DSA 4233-1] bouncycastle security update	22 Jun 201819:59	–	debian
OpenVAS	openSUSE: Security Advisory for bouncycastle (openSUSE-SU-2018:2820-1)	25 Sep 201800:00	–	openvas
OpenVAS	Debian: Security Advisory (DSA-4233-1)	21 Jun 201800:00	–	openvas
OpenVAS	Fedora Update for bouncycastle FEDORA-2018-ceced55c5e	19 Jun 201800:00	–	openvas
OpenVAS	Fedora Update for bouncycastle FEDORA-2018-da9fe79871	19 Jun 201800:00	–	openvas
OpenVAS	Fedora Update for bouncycastle FEDORA-2018-e6894349c9	30 Aug 201800:00	–	openvas
OpenVAS	Mageia: Security Advisory (MGASA-2018-0376)	28 Jan 202200:00	–	openvas
Github Security Blog	Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator	16 Oct 201817:44	–	github

Nvd

Node

bouncycastle fips_java_apiRange≤1.0.1

bouncycastle legion-of-the-bouncy-castle-java-crytography-apiRange1.54–1.59

Node

debian debian_linuxMatch9.0

Node

oracle api_gatewayMatch11.1.2.4.0

oracle business_process_management_suiteMatch11.1.1.9.0

oracle business_process_management_suiteMatch12.1.3.0.0

oracle business_process_management_suiteMatch12.2.1.3.0

oracle business_transaction_managementMatch12.1.0

oracle communications_application_session_controllerMatch3.7.1

oracle communications_application_session_controllerMatch3.8.0

oracle communications_converged_application_serverRange<7.0.0.1

oracle communications_webrtc_session_controllerRange<7.2

oracle enterprise_repositoryMatch12.1.3.0.0

oracle managed_file_transferMatch12.1.3.0.0

oracle managed_file_transferMatch12.2.1.3.0

oracle peoplesoft_enterprise_peopletoolsMatch8.55

oracle peoplesoft_enterprise_peopletoolsMatch8.56

oracle peoplesoft_enterprise_peopletoolsMatch8.57

oracle retail_convenience_and_fuel_pos_softwareMatch2.8.1

oracle retail_xstore_point_of_serviceMatch7.0

oracle retail_xstore_point_of_serviceMatch7.1

oracle soa_suiteMatch12.1.3.0.0

oracle soa_suiteMatch12.2.1.3.0

oracle webcenter_portalMatch11.1.1.9.0

oracle webcenter_portalMatch12.2.1.3.0

oracle weblogic_serverMatch12.1.3.0.0

Node

netapp oncommand_workflow_automationMatch-

Node

redhat virtualizationMatch4.2

Node

redhat jboss_enterprise_application_platformMatch7.1.0

AND

redhat enterprise_linuxMatch6.0

redhat enterprise_linuxMatch7.0

Source	Link
access	www.access.redhat.com/errata/RHSA-2018:2428
access	www.access.redhat.com/errata/RHSA-2018:2423
oracle	www.oracle.com/security-alerts/cpuapr2020.html
access	www.access.redhat.com/errata/RHSA-2018:2424
access	www.access.redhat.com/errata/RHSA-2019:0877
securityfocus	www.securityfocus.com/bid/106567
security	www.security.netapp.com/advisory/ntap-20190204-0003/
oracle	www.oracle.com/security-alerts/cpuoct2020.html
github	www.github.com/bcgit/bc-java/wiki/CVE-2018-1000180
access	www.access.redhat.com/errata/RHSA-2018:2669

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

05 Jun 2018 13:29Current

7.1High risk

Vulners AI Score7.1

CVSS25

CVSS37.5

EPSS0.00424

CWE-327

cve bouncy castle bc rsa key pair generator vulnerability nvd security flaw update