Your submission was sent successfully! Close

CVE-2017-13098

Published: 13 December 2017

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."

Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
bouncycastle
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(1.59-1)
precise Does not exist

trusty Does not exist
(trusty was not-affected [code not present])
upstream
Released (1.58-1)
xenial Not vulnerable
(code not present)
zesty Ignored
(reached end-of-life)
Patches:
upstream: https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c