Source: RedHat Linux | added 2018/10/16 5:38 p.m. | 1 views

bouncycastle: Information leak in AESFastEngine class

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak...

CVSS 5.3 | AI score 7 | EPSS 0.01119 | Exploits 0 | References 4
Source: RedHat Linux | added 2018/10/16 5:38 p.m. | 0 views

bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode is vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...

CVSS 5.9 | AI score 7.1 | EPSS 0.00802 | Exploits 0 | References 4
Source: RedHat Linux | added 2018/09/11 7:53 a.m. | 0 views

bouncycastle: ECIES implementation allowed the use of ECB mode

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

CVSS 7.4 | AI score 7.2 | EPSS 0.00388 | Exploits 0 | References 4
Source: RedhatCVE | added 2018/07/13 9:19 p.m. | 33 views

CVE-2018-1000613

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in XMSS/XMSS^MT private key deserialization that can result in...

CVSS 9.8 | AI score 3.1 | EPSS 0.05036 | Exploits 0 | References 1
Source: UbuntuCve | added 2018/07/09 8:29 p.m. | 34 views

CVE-2018-1000613

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in XMSS/XMSS^MT private key deserialization that can result in...

CVSS 9.8 | AI score 6.9 | EPSS 0.05036 | Exploits 0 | References 1
Source: OSV | added 2018/07/09 8:29 p.m. | 1 views

DEBIAN-CVE-2018-1000613

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in XMSS/XMSS^MT private key deserialization that can result in...

CVSS 9.8 | AI score 9.5 | EPSS 0.05036 | Exploits 0 | References 1
Source: NVD | added 2018/07/09 8:29 p.m. | 12 views

CVE-2018-1000613

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in XMSS/XMSS^MT private key deserialization that can result in...

CVSS 9.8 | AI score 9.7 | EPSS 0.05036 | Exploits 0 | References 11
Source: Vulnrichment | added 2018/07/09 8:00 p.m. | 15 views

CVE-2018-1000613

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in XMSS/XMSS^MT private key deserialization that can result in...

AI score 7.2 | EPSS 0.05036 | Exploits 0 | References 11
Source: Debian CVE | added 2018/07/09 8:00 p.m. | 56 views

CVE-2018-1000613

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in XMSS/XMSS^MT private key deserialization that can result in...

CVSS 9.8 | AI score 6.8 | EPSS 0.05036 | Exploits 0
Source: IBM Security Bulletins | added 2018/06/17 10:31 p.m. | 18 views

Security Bulletin: IBM Worklight Android Pseudo Random Number Generator Weakness (CVE-2013-5391)

Summary: Android applications that use Java Cryptography Architecture for key generation, signing or random number generation might not receive cryptographically strong values due to improper initialization of the underlying Pseudo Random Number Generator. Vulnerability Details: CVEID: CVE-2013-539...

CVSS 5.3 | AI score 0.8 | EPSS 0.00197 | Exploits 0 | Affected Software 2
Source: CNVD | added 2018/06/15 12:00 a.m. | 1 views

Unspecified Vulnerability in Bouncy Castle JCE Provider

Bouncy Castle JCE Provider is a Java-based encryption package. A security vulnerability exists in the DHIES/ECIES CBC mode in Bouncy Castle JCE Provider 1.55 and earlier versions. An attacker can exploit the vulnerability via padding to determine the cause of a decryption failure...

CVSS 5.9 | AI score 6.5 | EPSS 0.00802 | Exploits 0 | References 1
Source: Tenable Nessus | added 2018/06/14 12:00 a.m. | 46 views

openSUSE Security Update : bouncycastle (openSUSE-2018-628)

This update for bouncycastle to version 1.59 fixes the following issues. These security issues were fixed: - CVE-2017-13098: BouncyCastle, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite usin...

CVSS 7.5 | AI score 6.5 | EPSS 0.68141 | Exploits 0 | References 22
Source: RedHat Linux | added 2018/06/07 4:05 p.m. | 2 views

OpenJDK: insufficient strength of key agreement (JCE, 8185292)

It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using...

CVSS 5.9 | AI score 7.3 | EPSS 0.0016 | Exploits 0 | References 4
Source: CNVD | added 2018/06/06 12:00 a.m. | 1 views

Bouncy Castle JCE Provider AESFastEngine and AESEngine Information Disclosure Vulnerabilities

Bouncy Castle JCE Provider is a Java-based encryption package. AESFastEngine and AESEngine are among the encryption engines. A security vulnerability exists in AESFastEngine and AESEngine in Bouncy Castle JCE Provider 1.55 and earlier versions. An attacker could exploit this vulnerability to...

CVSS 5.3 | AI score 6.4 | EPSS 0.01119 | Exploits 0 | References 1
Source: CNVD | added 2018/06/06 12:00 a.m. | 1 views

Unspecified Vulnerability in Bouncy Castle JCE Provider

Bouncy Castle JCE Provider is a Java-based encryption package. A security vulnerability exists in Bouncy Castle JCE Provider version 1.55 and earlier. A detailed description of the vulnerability is not available at this time...

CVSS 7.5 | AI score 6.9 | EPSS 0.01074 | Exploits 0 | References 1
Source: CNVD | added 2018/06/06 12:00 a.m. | 2 views

Bouncy Castle JCE Provider Design Vulnerability

Bouncy Castle JCE Provider is a Java-based encryption package. A security vulnerability exists in Bouncy Castle JCE Provider version 1.55 and earlier, which stems from ECDSA's failure to adequately validate signature encoding using ASN.1. An attacker can exploit the vulnerability to introduce...

CVSS 7.5 | AI score 6.8 | EPSS 0.00471 | Exploits 0 | References 1
Source: OSV | added 2018/06/04 9:29 p.m. | 0 views

UBUNTU-CVE-2016-1000344

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

CVSS 7.4 | AI score 7 | EPSS 0.00388 | Exploits 0 | References 2
Source: OSV | added 2018/06/04 1:29 p.m. | 1 views

DEBIAN-CVE-2016-1000340

In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes (org.bouncycastle.math.raw.Nat???); these have been fixed. These classes are used by our custom elliptic curve implementations...

CVSS 7.5 | AI score 7.5 | EPSS 0.00397 | Exploits 0 | References 1
Source: OSV | added 2018/06/04 1:29 p.m. | 1 views

DEBIAN-CVE-2016-1000339

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak...

CVSS 5.3 | AI score 9.1 | EPSS 0.01119 | Exploits 0 | References 1
Source: OSV | added 2018/06/04 1:29 p.m. | 1 views

DEBIAN-CVE-2016-1000341

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k...

CVSS 5.9 | AI score 6.8 | EPSS 0.00802 | Exploits 0 | References 1