Description

In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.

Remediation

References

https://access.redhat.com/errata/RHSA-2018:2669

https://access.redhat.com/errata/RHSA-2018:2927

https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31

https://security.netapp.com/advisory/ntap-20181127-0004/

https://www.oracle.com/security-alerts/cpuoct2020.html

Related Vulnerabilities

CVE-2021-27515 Vulnerability in maven package org.webjars.bowergithub.unshiftio:url-parse

CVE-2022-45393 Vulnerability in maven package org.jenkins-ci.plugins:delete-log-plugin

CVE-2013-7378 Vulnerability in npm package hubot-scripts

CVE-2022-31180 Vulnerability in npm package shescape

CVE-2018-1000194 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-19 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Patch Third Party Advisory