The Bouncy Castle Java library prior to 1.51 does not validate that a point lies on the elliptic curve, which makes it easier for remote malicious users to obtain private keys via a series of crafted elliptic curve Diffie-Hellman (ECDH) key exchanges, aka an "invalid curve attack."
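The missing check, shown as an added example that is not Bouncy Castle's code: a peer's public key is decoded and confirmed to satisfy the curve equation before it is used in ECDH. NIST P-256 and the SEC1 uncompressed encoding are assumptions chosen for illustration, and all function names are hypothetical.

```python
# Added example (not Bouncy Castle code): validate a peer's ECDH public key.
# Assumptions: NIST P-256, SEC1 uncompressed encoding; names are hypothetical.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
COORD_LEN = 32  # bytes per coordinate; GX/GY are used only to build samples


class InvalidPublicKey(ValueError):
    """The peer's public key must not be used for key agreement."""


def on_curve(x, y):
    # Short Weierstrass equation: y^2 = x^3 + a*x + b (mod p)
    return (y * y - (x * x * x + A * x + B)) % P == 0


def parse_and_validate(encoded):
    """Decode 0x04 || X || Y and return (x, y) only if the point is valid."""
    # The point at infinity (a single 0x00 byte) fails this length check.
    if len(encoded) != 1 + 2 * COORD_LEN or encoded[0] != 0x04:
        raise InvalidPublicKey("expected 65-byte uncompressed SEC1 point")
    x = int.from_bytes(encoded[1:1 + COORD_LEN], "big")
    y = int.from_bytes(encoded[1 + COORD_LEN:], "big")
    if x >= P or y >= P:
        raise InvalidPublicKey("coordinate not reduced modulo p")
    if not on_curve(x, y):
        raise InvalidPublicKey("point is not on the curve")
    # P-256 has cofactor 1, so an on-curve point needs no subgroup check.
    return x, y


def encode(x, y):
    return b"\x04" + x.to_bytes(COORD_LEN, "big") + y.to_bytes(COORD_LEN, "big")


def is_acceptable(encoded):
    try:
        parse_and_validate(encoded)
    except InvalidPublicKey:
        return False
    return True


if __name__ == "__main__":
    # Constructed samples: the base point, and the same x with y shifted by one.
    for label, key in [("valid", encode(GX, GY)), ("off-curve", encode(GX, GY + 1))]:
        print(label, is_acceptable(key))
```

A key-agreement routine would call `parse_and_validate` on every received public key and abort the exchange on `InvalidPublicKey`, before any scalar multiplication with the private key takes place.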
Vulnerable Product |
---|
opensuse opensuse 13.2 |
opensuse leap 42.1 |
opensuse opensuse 13.1 |
bouncycastle bouncy castle crypto package |
oracle virtual desktop infrastructure 3.5.2 |
oracle enterprise manager ops center 12.1.4 |
oracle peoplesoft enterprise peopletools 8.55 |
oracle peoplesoft enterprise peopletools 8.54 |
oracle enterprise manager ops center 12.2.2 |
oracle application testing suite 12.5.0.2 |
oracle application testing suite 12.5.0.3 |
oracle application testing suite 12.5.0.1 |