|Description||The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
Vulnerable and fixed packages
The table below lists information on source packages.
|bouncycastle (PTS)||jessie, jessie (lts)||1.49+dfsg-3+deb8u3||fixed|
|stretch (security), stretch (lts), stretch||1.56-1+deb9u3||fixed|
The information below is based on the following data on fixed versions.
Possibly needed to include as well: https://github.com/bcgit/bc-java/commit/e25e94a
Peter Dettman <firstname.lastname@example.org> offered to assist if backporting fails and to review the result.