CVE-2015-7940
Description
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an invalid curve attack.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
1.019
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.1.3.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.2 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.54 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.55 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.54 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.55 | Windows |
| Vulnerabilities CVE-2015-7940 are fixed in BouncyCastle - bcprov-jdk14 1.51 | Windows |
| Vulnerabilities CVE-2015-7940 are fixed in BouncyCastle-bcprov-jdk15on 1.51 | Windows |
| Vulnerabilities CVE-2015-7940 are fixed in BouncyCastle - bcprov-jdk15 1.51 | Windows |
| Java implementation of cryptographic algorithms (USN-3727-1) libbcpg-java_1.49+dfsg-2ubuntu0.1_all.deb | Linux |
| Java implementation of cryptographic algorithms (USN-3727-1) libbcmail-java_1.49+dfsg-2ubuntu0.1_all.deb | Linux |
| Java implementation of cryptographic algorithms (USN-3727-1) libbcpkix-java_1.49+dfsg-2ubuntu0.1_all.deb | Linux |
| Java implementation of cryptographic algorithms (USN-3727-1) libbcprov-java_1.49+dfsg-2ubuntu0.1_all.deb | Linux |
| Vulnerabilities CVE-2015-7940 are fixed in BouncyCastle - bcprov-jdk14 for Linux 1.51 | Linux |
| Vulnerabilities CVE-2015-7940 are fixed in BouncyCastle-bcprov-jdk15on for Linux 1.51 | Linux |
| Vulnerabilities CVE-2015-7940 are fixed in BouncyCastle - bcprov-jdk15 for Linux 1.51 | Linux |
| CVE-2015-7940 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234