CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1000341 – bouncycastle: Information exposure in DSA signature generation via timing attack
https://notcve.org/view.php?id=CVE-2016-1000341
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well. En Bouncy Castle JCE Provider, en versiones 1.55 y anteriores, la generación de firmas DSA es vulnerable a ataques de sincronización. En los casos en los que se puede observar detenidamente la sincronización para la generación de firmas, la falta de blindaje en las versiones 1.55 o anteriores puede permitir que un atacante obtenga información sobre el valor k de la firma y, en última instancia, también del valor privado. • https://access.redhat.com/errata/RHSA-2018:2669 https://access.redhat.com/errata/RHSA-2018:2927 https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa#diff-e75226a9ca49217a7276b29242ec59ce https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html https://security.netapp.com/advisory/ntap-20181127-0004 https://usn.ubuntu.com/3727-1 https://www.oracle.com/security-alerts/cpuoct2020.html https://access.redhat.com/security/cve/CVE-2016-1000341 https://bugzilla.redhat.com • CWE-361: 7PK - Time and State CWE-385: Covert Timing Channel •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1000342 – bouncycastle: ECDSA improper validation of ASN.1 encoding of signature
https://notcve.org/view.php?id=CVE-2016-1000342
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. En Bouncy Castle JCE Provider en versiones 1.55 y anteriores, el ECDSA no valida completamente el cifrado ASN.1 de la firma en verificación. Es posible inyectar elementos extra en la secuencia que forma la firma y, aún así, validarla. En algunos casos, esto podría permitir la introducción de datos "invisibles" en una estructura firmada. • https://access.redhat.com/errata/RHSA-2018:2669 https://access.redhat.com/errata/RHSA-2018:2927 https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647#diff-25c3c78db788365f36839b3f2d3016b9 https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html https://security.netapp.com/advisory/ntap-20181127-0004 https://usn.ubuntu.com/3727-1 https://www.oracle.com/security-alerts/cpuoct2020.html https://access.redhat.com/security/cve/CVE-2016-1000342 https://bugzilla.redhat.com • CWE-295: Improper Certificate Validation CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1000343 – bouncycastle: DSA key pair generator generates a weak private key by default
https://notcve.org/view.php?id=CVE-2016-1000343
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator. En Bouncy Castle JCE Provider en versiones 1.55 y anteriores, el generador de pares de claves DSA genera una clave privada débil si se emplea con los valores por defecto. Si el generador de pares de claves JCA no se inicializa explícitamente con parámetros DSA, las versiones 1.55 y anteriores generan un valor privado asumiendo un tamaño de clave de 1024 bits. • https://access.redhat.com/errata/RHSA-2018:2669 https://access.redhat.com/errata/RHSA-2018:2927 https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389#diff-5578e61500abb2b87b300d3114bdfd7d https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html https://security.netapp.com/advisory/ntap-20181127-0004 https://usn.ubuntu.com/3727-1 https://www.oracle.com/secur • CWE-310: Cryptographic Issues CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1000338 – bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data
https://notcve.org/view.php?id=CVE-2016-1000338
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. En Bouncy Castle JCE Provider en versiones 1.55 y anteriores, el DSA no valida completamente el cifrado ASN.1 de la firma en verificación. Es posible inyectar elementos extra en la secuencia que forma la firma y, aún así, validarla. En algunos casos, esto podría permitir la introducción de datos "invisibles" en una estructura firmada. • https://access.redhat.com/errata/RHSA-2018:2669 https://access.redhat.com/errata/RHSA-2018:2927 https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0 https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html https://security.netapp.com/advisory/ntap-20231006-0011 https://usn.ubuntu.com/3727-1 https://www.oracle.com/secur • CWE-325: Missing Cryptographic Step CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-5382 – Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions
https://notcve.org/view.php?id=CVE-2018-5382
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons a specific keystore type "BKS-V1" was introduced in 1.49. It should be noted that the use of "BKS-V1" is discouraged by the library authors and should only be used where it is otherwise safe to do so, as in where the use of a 16 bit checksum for the file integrity check is not going to cause a security issue in itself. • http://www.securityfocus.com/bid/103453 https://access.redhat.com/errata/RHSA-2018:2927 https://www.bouncycastle.org/releasenotes.html https://www.kb.cert.org/vuls/id/306792 https://www.oracle.com/security-alerts/cpuoct2020.html https://access.redhat.com/security/cve/CVE-2018-5382 https://bugzilla.redhat.com/show_bug.cgi?id=1563749 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-354: Improper Validation of Integrity Check Value •