CVE-2016-1000340

NameCVE-2016-1000340
DescriptionIn the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bouncycastle (PTS)jessie, jessie (lts)1.49+dfsg-3+deb8u3fixed
stretch (security)1.56-1+deb9u3fixed
stretch (lts), stretch1.56-1+deb9u4fixed
buster1.60-1fixed
buster (security)1.60-1+deb10u1fixed
bullseye1.68-2fixed
bookworm1.72-2fixed
trixie, sid1.77-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bouncycastlesourcewheezy(unfixed)end-of-life
bouncycastlesourcejessie(not affected)
bouncycastlesource(unstable)1.56-1

Notes

[jessie] - bouncycastle <not-affected> (Vulnerable code introduced later)
https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31
Search for package or bug name: Reporting problems