1. Home
  2. Vulnerabilities
  3. CVE-2016-1000340

CVE-2016-1000340

CVSS v3.0 7.5 (High)
75% Progress
CVSS v2.0 5 (Medium)
50% Progress
EPSS 0.22 % (60th)
0.22% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.

Weaknesses
CWE-19
Data Processing Errors
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2018-06-04 13:29:00
(6 years ago)
Updated Date
2020-10-20 22:15:17
(3 years ago)

Affected Products

Bouncycastle

Configuration #1

    CPE23 From Up To
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api from 1.51 version and 1.55 and prior versions cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api >= 1.51 <= 1.55