Description

In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.

Remediation

References

https://access.redhat.com/errata/RHSA-2018:2669

https://access.redhat.com/errata/RHSA-2018:2927

https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31

https://security.netapp.com/advisory/ntap-20181127-0004/

https://www.oracle.com/security-alerts/cpuoct2020.html

Related Vulnerabilities

CVE-2023-30514 Vulnerability in maven package org.jenkins-ci.plugins:azure-keyvault

CVE-2020-28496 Vulnerability in maven package org.webjars.npm:three

CVE-2019-16767 Vulnerability in npm package ezmaster

CVE-2023-5104 Vulnerability in npm package nocodb

CVE-2022-26049 Vulnerability in maven package com.diffplug.gradle:goomph

Severity

High

Classification

CWE-19 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Patch Third Party Advisory