Description

In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.

Remediation

References

https://access.redhat.com/errata/RHSA-2018:2669

https://access.redhat.com/errata/RHSA-2018:2927

https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31

https://security.netapp.com/advisory/ntap-20181127-0004/

https://www.oracle.com/security-alerts/cpuoct2020.html

Related Vulnerabilities

CVE-2023-39154 Vulnerability in maven package com.qualys.plugins:qualys-was

CVE-2023-26104 Vulnerability in npm package lite-web-server

CVE-2022-41249 Vulnerability in maven package com.meowlomo.jenkins:scm-httpclient

CVE-2021-23899 Vulnerability in maven package com.mikesamuel:json-sanitizer

CVE-2016-10707 Vulnerability in maven package org.webjars.bower:jquery

Severity

High

Classification

CWE-19 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Patch Third Party Advisory