Description
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.
Remediation
References
https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495#diff-d525a20b8acaed791ae2f0f770eb5937
https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
https://usn.ubuntu.com/3727-1/
https://access.redhat.com/errata/RHSA-2018:2669
https://access.redhat.com/errata/RHSA-2018:2927
https://security.netapp.com/advisory/ntap-20181127-0004/
https://www.oracle.com/security-alerts/cpuoct2020.html
Related Vulnerabilities
CVE-2015-0227 Vulnerability in maven package org.apache.wss4j:wss4j-ws-security-dom
CVE-2018-1002204 Vulnerability in npm package adm-zip
CVE-2022-43441 Vulnerability in npm package sqlite3
CVE-2021-35513 Vulnerability in npm package mermaid
CVE-2014-3576 Vulnerability in maven package org.apache.activemq:activemq-core