CVE-2015-7940
CVSS v2.0
5 (Medium)
EPSS
0.25 % (65th)
Affected Products
7
Advisories
4
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."
Weaknesses
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2015-11-09 16:59:09
(8 years ago) - Updated Date
-
2019-01-16 19:29:07
(5 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...