Your submission was sent successfully! Close

CVE-2017-13098

Published: 13 December 2017

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."

Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
bouncycastle
Launchpad, Ubuntu, Debian
Upstream
Released (1.58-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1.59-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
Patches:
Upstream: https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c