QwikSec

Security Database

CVE

CWE

Training

CVE-2016-1000339

Published: Jun 4, 2018

Modified: Aug 6, 2024

PUBLISHED

Description

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20180707 [SECURITY] [DLA 1418-1] bouncycastle security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20181127-0004/

x_refsource_CONFIRM

https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.