Lucene search

K

Veracode Vulnerability DatabaseVERACODE:3294

HistoryJan 16, 2017 - 3:22 a.m.

Carry Propagation

2017-01-1603:22:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

12

EPSS

0.002

Percentile

60.1%

bouncycastle is vulnerable to carry propagation bugs. This bug caused mathematical miscalculations during static Elliptic Curve Diffie Hellman which in rare cases for it to miscalculate elliptic curve scalar multiplication. This allows a malicious user in certain cases to obtain the key.

References

access.redhat.com/errata/RHSA-2018:2669

access.redhat.com/errata/RHSA-2018:2927

github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31

security.netapp.com/advisory/ntap-20181127-0004/

vigilance.fr/vulnerability/Bouncy-Castle-multiple-vulnerabilities-21455

www.bouncycastle.org/releasenotes.html

www.oracle.com/security-alerts/cpuoct2020.html

EPSS

0.002

Percentile

60.1%

Related for VERACODE:3294

debiancve1 prion1 github1 cvelist1 redhatcve1 ubuntucve1 nvd1 cve1 osv1 suse1 openvas2 nessus2 ibm6 mageia1 redhat2 oracle1