Vulnerability Details : CVE-2016-1000341
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.
Products affected by CVE-2016-1000341
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- Bouncycastle » Legion-of-the-bouncy-castle-java-crytography-apiVersions up to, including, (<=) 1.55cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1000341
0.38%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 70 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-1000341
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
5.9
|
MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.2
|
3.6
|
NIST |
CWE ids for CVE-2016-1000341
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1000341
-
https://www.oracle.com/security-alerts/cpuoct2020.html
Oracle Critical Patch Update Advisory - October 2020
-
https://usn.ubuntu.com/3727-1/
USN-3727-1: Bouncy Castle vulnerabilities | Ubuntu security notices
-
https://access.redhat.com/errata/RHSA-2018:2927
RHSA-2018:2927 - Security Advisory - Red Hat Customer Portal
-
https://security.netapp.com/advisory/ntap-20181127-0004/
June 2018 Bouncy Castle Vulnerabilities in NetApp Products | NetApp Product Security
-
https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa#diff-e75226a9ca49217a7276b29242ec59ce
added randomizer to DSA signature generation · bcgit/bc-java@acaac81 · GitHubPatch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:2669
RHSA-2018:2669 - Security Advisory - Red Hat Customer Portal
-
https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
[SECURITY] [DLA 1418-1] bouncycastle security updateThird Party Advisory
Jump to