DSA-3417-1 bouncycastle -- bouncycastle
ID: oval:org.secpod.oval:def:602297 | Date: (C)2015-12-17 (M)2023-10-12 |
Class: PATCH | Family: unix |
Tibor Jager, Jörg Schwenk, and Juraj Somorovsky, from the Horst Görtz Institute for IT Security, published a paper at ESORICS 2015 in which they describe an invalid curve attack on Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private elliptic curve keys from different applications, for example, TLS servers.
Platform: |
Debian 8.x |
Debian 7.x |