DescriptionThe Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."
Overall state of this security issue: Ignore
This issue is currently rated as having important severity.
|National Vulnerability Database|
- TID7022077, published Sat Mar 3 09:45:43 UTC 2018
- openSUSE-SU-2015:1911-1, published Wed, 4 Nov 2015 17:17:31 +0100 (CET)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE 13.1|| ||Patchnames:
|openSUSE Leap 42.1|| ||Patchnames:
|openSUSE Tumbleweed|| ||Patchnames:
openSUSE Tumbleweed GA bouncycastle