RSS   Vulnerabilities for 'Bouncy castle crypto package'   RSS

2015-11-09
 
CVE-2015-7940

CWE-310
 

 
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."

 

 >>> Vendor: Bouncycastle 11 Products
Bouncy-castle-crypto-package
Legion-of-the-bouncy-castle-java-crytography-api
Legion-of-the-bouncy-castle-c%23-crytography-api
Legion-of-the-bouncy-castle-c#-crytography-api
Bouncy castle crypto package
Legion-of-the-bouncy-castle-c#-cryptography-api
Fips java api
Bc-csharp
Bouncy castle fips .net api
Legion-of-the-bouncy-castle-fips-java-api
The bouncy castle crypto package for java


Copyright 2024, cxsecurity.com

 

Back to Top