Your submission was sent successfully! Close

CVE-2016-1000343

Published: 4 June 2018

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
bouncycastle
Launchpad, Ubuntu, Debian
artful Not vulnerable
(1.57-1)
bionic Not vulnerable
(1.59-1)
cosmic Not vulnerable
(1.60-1)
disco Not vulnerable
(1.60-1)
eoan Not vulnerable
(1.60-1)
focal Not vulnerable
(1.60-1)
groovy Not vulnerable
(1.60-1)
hirsute Not vulnerable
(1.60-1)
impish Not vulnerable
(1.60-1)
jammy Not vulnerable
(1.60-1)
precise Does not exist

trusty Does not exist
(trusty was released [1.49+dfsg-2ubuntu0.1])
upstream
Released (1.56-1)
xenial Ignored
(end of standard support, was needed)