CVE-2016-1000346

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-1000346
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1000346.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-1000346
Aliases
Downstream
Related
Published
2018-06-04T21:29:00.303Z
Modified
2026-04-10T03:47:06.434109Z
Severity
  • 3.7 (Low) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.

References

Affected packages

Git / github.com/bcgit/bc-java

Affected ranges

Type
GIT
Repo
https://github.com/bcgit/bc-java
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
70b39c9a84327f522bcbe89d5a5fda65ebf630ac
Fixed
1127131c89021612c6eefa26dbe5714c194e7495
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.55"
        }
    ]
}

Affected versions

Other
r1rv49
r1rv50
r1rv51
r1rv52
r1rv53
r1rv54
r1rv55

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1000346.json"