Your submission was sent successfully! Close

CVE-2018-1000180

Published: 5 June 2018

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
bouncycastle
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Needed

cosmic Not vulnerable
(1.60-1)
disco Not vulnerable
(1.60-1)
eoan Not vulnerable
(1.60-1)
focal Not vulnerable
(1.60-1)
groovy Not vulnerable
(1.60-1)
hirsute Not vulnerable
(1.60-1)
impish Not vulnerable
(1.60-1)
jammy Not vulnerable
(1.60-1)
precise Does not exist

trusty Does not exist
(trusty was not-affected [code not present])
upstream
Released (1.59-2)
xenial Not vulnerable
(code not present)