Candidate: CVE-2016-1000340
PublicDate: 2018-06-04 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000340
Description:
 In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry
 propagation bug was introduced in the implementation of squaring for
 several raw math classes have been fixed
 (org.bouncycastle.math.raw.Nat???). These classes are used by our custom
 elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so
 there was the possibility of rare (in general usage) spurious calculations
 for elliptic curve scalar multiplications. Such errors would have been
 detected with high probability by the output validation for our scalar
 multipliers.
Ubuntu-Description:
Notes:
 leosilva> trusty is not-affected. Vulnerable code was introduced later.
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]


Patches_bouncycastle:
 upstream: https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00
upstream_bouncycastle: released (1.56-1)
precise/esm_bouncycastle: DNE
trusty_bouncycastle: not-affected (1.49+dfsg-2)
trusty/esm_bouncycastle: DNE (trusty was not-affected [1.49+dfsg-2])
xenial_bouncycastle: ignored (end of standard support, was needed)
artful_bouncycastle: not-affected (1.57-1)
bionic_bouncycastle: not-affected (1.59-1)
cosmic_bouncycastle: not-affected (1.60-1)
disco_bouncycastle: not-affected (1.60-1)
eoan_bouncycastle: not-affected (1.60-1)
focal_bouncycastle: not-affected (1.60-1)
groovy_bouncycastle: not-affected (1.60-1)
hirsute_bouncycastle: not-affected (1.60-1)
impish_bouncycastle: not-affected (1.60-1)
jammy_bouncycastle: not-affected (1.60-1)
devel_bouncycastle: not-affected (1.60-1)