Your submission was sent successfully! Close

CVE-2018-1000180

Published: 05 June 2018

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
bouncycastle
Launchpad, Ubuntu, Debian
Upstream
Released (1.59-2)
Ubuntu 21.10 (Impish Indri) Not vulnerable
(1.60-1)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(1.60-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(1.60-1)
Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
Patches:
Upstream: https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad
Upstream: https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839