Name | CVE-2015-7940 |
Description | The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack." |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-361-1, DSA-3417-1 |
Debian Bugs | 802671 |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
bouncycastle (PTS) | jessie, jessie (lts) | 1.49+dfsg-3+deb8u3 | fixed |
| stretch (security) | 1.56-1+deb9u3 | fixed |
| stretch (lts), stretch | 1.56-1+deb9u4 | fixed |
| buster (security), buster, buster (lts) | 1.60-1+deb10u1 | fixed |
| bullseye | 1.68-2 | fixed |
| bookworm | 1.72-2 | fixed |
| sid, trixie | 1.77-1 | fixed |
The information below is based on the following data on fixed versions.
Notes
https://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
Commits: https://github.com/bcgit/bc-java/commit/5cb2f05
Possibly needed to include as well: https://github.com/bcgit/bc-java/commit/e25e94a
Peter Dettman <peter.dettman@bouncycastle.org> offered to assist if backporting fails and to review the result.