CVE-2016-1000340
bouncycastle: Carry propagation bug in math.raw.Nat??? class
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.
En Bouncy Castle JCE Provider, de la versión 1.51 a la 1.55, se solucionó la introducción de un error de propagación de dígito (carry propagation) en la implementación de la elevación al cuadrado para varias clases raw math (org.bouncycastle.math.raw.Nat???). Las implementaciones de curva elíptica personalizadas emplean estas clases (org.bouncycastle.math.ec.custom.**), por lo que existe la posibilidad de que haya cálculos raros falsos para las multiplicaciones escalares de curva elíptica. Tales errores se hubiesen detectado con una alta probabilidad por la validación de salidas de los multiplicadores escalares.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-06-04 CVE Reserved
- 2018-06-04 CVE Published
- 2023-07-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-19: Data Processing Errors
- CWE-682: Incorrect Calculation
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20181127-0004 | X_refsource_confirm |
|
| https://www.oracle.com/security-alerts/cpuoct2020.html | X_refsource_misc |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31 | 2020-10-20 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:2669 | 2020-10-20 | |
| https://access.redhat.com/errata/RHSA-2018:2927 | 2020-10-20 | |
| https://access.redhat.com/security/cve/CVE-2016-1000340 | 2018-10-16 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1588688 | 2018-10-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bouncycastle Search vendor "Bouncycastle" | Legion-of-the-bouncy-castle-java-crytography-api Search vendor "Bouncycastle" for product "Legion-of-the-bouncy-castle-java-crytography-api" | >= 1.51 <= 1.55 Search vendor "Bouncycastle" for product "Legion-of-the-bouncy-castle-java-crytography-api" and version " >= 1.51 <= 1.55" | - |
Affected
| ||||||